Apple Requiring Two-Factor Authentication for Developer Accounts as of February 27

Since you all are using a secondary iCloud account, like me, here’s the trick:

On your Mac, create a new user account. Set up that account to use your developer iCloud account. You will be prompted to turn on 2factor. Do so. Give it your phone number. When it’s done. Remove the user account.

Now, when you are prompted for 2factor, click the “I didn’t receive a code” link, and you can choose to send a code to your phone.

This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(

This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(

I know, the first thing I thought when I read this was "Who the hell uses their personal Apple ID for a dev account?"

Apple needs to allow for receiving two factor codes for multiple Apple IDs on one device, otherwise this is going to piss people the hell off.

Since you all are using a secondary iCloud account, like me, here’s the trick:

On your Mac, create a new user account. Set up that account to use your developer iCloud account. You will be prompted to turn on 2factor. Do so. Give it your phone number. When it’s done. Remove the user account.

Now, when you are prompted for 2factor, click the “I didn’t receive a code” link, and you can choose to send a code to your phone.

Also, if you log off the account prior to removing the user, OR you remove the device in appleid.apple.com, then you don’t have to click a link each time. You will receive an iMessage each time you need to provide a code.

This is awful. And stupid. And awfully stupid.

For our company account, NOBODY logs in to an Apple device using that ID. That will apply for most companies. Fortunately, need to log in with that account is minimal, since each developer uses their own linked account. When somebody DOES log in (to accept terms and conditions, to pay the yearly bill, etc. etc.) it will be different people who have access to the password.

The phone number goes to a VOIP line.

My own developer account is separate from the account that I log in to my Mac and iDevices with. Because I thought that was a Good Idea. At least I can verify by SMS.

But of course, SMS is a TERRIBLE way to do 2-factor authentication.

If they want to get serious, allow 2-factor with a dongle. And allow multiple dongles to be registered per account.

We actually have the same issue above. Not sure why Apple has not embraced dual Apple IDs. Dropbox as an example did a great job at having Personal and Work accounts on a single install.

The options available to solve this issue are all pretty bad.

Excellent. Leader in privacy & account security. Now maybe they’ll get sued ('https://www.macrumors.com/2019/02/09/apple-two-factor-authentication-lawsuit/') for it.

This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(

Apple is looking for a PR solution, not a real solution. 2 factor the way Apple does it is not more secure, except maybe in a few very minor edge cases. To be secure, 2 factor needs to use a separate device from the one the login originated that always requires a password to access the key. The password needs to be different from the normal account password and it needs to be always locked. Apple marketing is engaging in security theater here at the detriment of users.

Why exactly do my accounts need to be more secure? Become someone is abusing the enterprise certificate program?

I am extremely happy about this. I hope within iOS 13 apple forces all user accounts with 2FA. Or they should keep more new features only for accounts to 2FA. We are humans & passwords are super easy to crack.

I do know that 70%+ of iTunes accounts are already 2FA enabled. So, hopefully their Black market value increases.

They should go with DNA checks to make it all more secure.