All Apple Developer Accounts to require two-factor authentication

Last updated:

Apple is now requiring all developers to use the company’s two-factor authentication protocol to protect their Apple IDs. Apple has required new Apple Developer Program signups to have two-factor authentication enabled for a while now and this change is now being brought to all existing developer accounts.

The change, which goes into effect on February 27, is designed to keep developer accounts more secure by ensuring only account owners can access the sensitive information.

When the backend implementation goes live, developers who do not already have two-factor authentication enabled will be required to do so when signing in to their Apple Developer account. Enhanced security also applies to developer Certificates, Identifiers & Profiles.

Apple’s stated to developers:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account.

If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.

The email includes links to a support page covering two-factor authentication for Apple ID, as well as a contact form directed to Apple Developer Relations.

Two-factor authentication for developers is identical to the solution rolled out for consumers operating Mac and iOS devices.

After activating the feature on macOS or iOS, every Apple ID login attempt on an unregistered device requires both a password and a six-digit code generated by Apple and sent to a trusted iPhone, iPad or Mac.

With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on your trusted devices. By entering the code, you’re verifying that you trust the new device.

Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.

Apple does not require a verification code when accessing Apple ID from a trusted device, though that status will be revoked if a user signs out completely or erases the device.

A trusted device is an iPhone, iPad, or iPod touch with iOS 9 and later, or a Mac with OS X El Capitan and later that you’ve already signed in to using two-factor authentication. It’s a device Apple knows is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

A trusted phone number is a number that can be used to receive verification codes by text message or automated phone call. You must verify at least one trusted phone number to enrol in two-factor authentication.