In a bid to secure developer accounts from nefarious actors, Apple on Wednesday said all app makers will be required to use the company's two-factor authentication protocol to protect their Apple IDs.
The change, which goes into effect on Feb. 27, is designed to keep developer accounts more secure by ensuring only account owners can access the sensitive information, Apple said in an email.
When the backend implementation goes live, developers who do not already have two-factor authentication enabled will be required to enable it when signing in to their Apple Developer account. The requirement also applies to sign-ins to developer Certificates, Identifiers & Profiles.
Apple's letter to developers:
In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account. If you haven't already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.
The email includes links to a support page covering two-factor authentication for Apple ID, as well as a contact form directed to Apple Developer Relations.
Two-factor authentication for developers is identical to the solution rolled out for consumers operating Mac and iOS devices. After activating the feature on macOS or iOS, every Apple ID login attempt on an unregistered device requires both a password and a six-digit code generated by Apple and sent to a trusted iPhone, iPad or Mac. Apple does not require a verification code when accessing Apple ID from a trusted device, though that status will be revoked if a user signs out completely or erases the device.
While not foolproof, two-factor authentication significantly enhances account security, and in doing so reduces the chance of unwarranted access by an outside party.
18 Comments
That should’ve been standard practice from the beginning.
I do think 2-factor authentication goes a long way to offering more protection, but is really designed for individuals, not companies. For example, how does a company the size of Apple secure a "developer account" with another company? Who is the "account owner" within the context of such a large company? Which devices used for authentication belong to that owner? This is where 2-factor authentication breaks down.
EDIT: Maybe I misunderstood slightly. This seems to be about securing the Apple IDs that belong to the designated account owner.... so it's still authenticating an individual, not a company.
As the recent thread on 2FA pointed out in spades, Apple really needs to up its game on how it implements 2FA. It’s annoying, and clunky. Period.
(If you have any questions, I invite you to look at that thread from just a couple of days ago).