Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple to require two-factor authentication for developer accounts

Apple's two-factor authentication system on iOS.

Last updated

In a bid to secure developer accounts from nefarious actors, Apple on Wednesday said all app makers will be required to use the company's two-factor authentication protocol to protect their Apple IDs.

The change, which goes into effect on Feb. 27, is designed to keep developer accounts more secure by ensuring only account owners can access the sensitive information, Apple said in an email.

When the backend implementation goes live, developers who do not already have two-factor authentication enabled will be required to do so when signing in to their Apple Developer account. Enhanced security also applies to developer Certificates, Identifiers & Profiles.

Apple's letter to developers:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account. If you haven't already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.

The email includes links to a support page covering two-factor authentication for Apple ID, as well as a contact form directed to Apple Developer Relations.

Two-factor authentication for developers is identical to the solution rolled out for consumers operating Mac and iOS devices. After activating the feature on macOS or iOS, every Apple ID login attempt on an unregistered device requires both a password and a six-digit code generated by Apple and sent to a trusted iPhone, iPad or Mac. Apple does not require a verification code when accessing Apple ID from a trusted device, though that status will be revoked if a user signs out completely or erases the device.

While not foolproof, two-factor authentication significantly enhances account security, and in doing so reduces the chance of unwarranted access by an outside party.



18 Comments

SpamSandwich 19 Years · 32917 comments

That should’ve been standard practice from the beginning.

felix01 17 Years · 297 comments

That should’ve been standard practice from the beginning.

Agree, I'm already good to go. 

gustav 22 Years · 828 comments

That should’ve been standard practice from the beginning.

The only issue with this is that apple's 2FA requires a device be signed into iCloud with that AppleID. Many developers have a personal AppleID and a separate one for Developer AppleID. So, you need to have a separate device with you at all times in order to sign into your Developer Apple ID.

I wish Apple would also support TOTP as well.

coolfactor 20 Years · 2342 comments

I do think 2-factor authentication goes a long way to offering more protection, but is really designed for individuals, not companies. For example, how does a company the size of Apple secure a "developer account" with another company? Who is the "account owner" within the context of such a large company? Which devices used for authentication belong to that owner? This is where 2-factor authentication breaks down.

EDIT: Maybe I misunderstood slightly. This seems to be about securing the Apple IDs that belong to the designated account owner.... so it's still authenticating an individual, not a company.

anantksundaram 18 Years · 20391 comments

As the recent thread on 2FA pointed out in spades, Apple really needs to up its game on how it implements 2FA. It’s annoying, and clunky. Period.

(If you have any questions, I invite you look at that thread from just a couple of days ago).