Apple makes 2FA mandatory for app store developer bosses

By on
Apple makes 2FA mandatory for app store developer bosses

Apple has announced that from 27 February, 2019, two-factor authentication (2FA) will be compulsory for boss developers.

“In an effort to keep accounts more secure, developers with the Account Holder role in a developer program will need to enable two-factor authentication to sign in to their Apple Developer account and Certificates, Identifiers & Profiles,” the company announced today.

Apple’s announcement was typically brief, so offers no information about why it’s added the requirement. But it is not hard to surmise the reasons: as explained here, the account holder role has powers that even admins don’t possess, including the ability to create and revoke distribution certificates with which apps are signed.

Gaining access to an account holder’s account is therefore a ticket to potential App Store mass-scale mischief and mayhem for miscreants. 2FA will reduce the likelihood of that happening.

The indecent haste of the new policy’s introduction is a case of better late than never: Account Holder creds are surely a known target for attackers and the lack of 2FA makes them vulnerable.

You’d hope that folks with account holder status would understand the need for strong passwords, but myriad incidents show it’s seldom hard to find someone who thinks an attack would never happen them.

Account holders will need a device running iOS, or a Mac running OS X El Capitan or later, as their second source of authentication.

 

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Have you adopted agile methodologies?
Yes - And it made a big different improve productivity
Yes - But it's not made a big difference to productivity
No - But we're thinking of giving it a try
No – We’re happy with our current methods
No - Because it is a stupid idea and a fad
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?