Apple makes 2FA mandatory for boss developers

By

Better late than never, and you’ve got a week to make this happen.

Apple has announced that from February 27, 2019, two-factor authentication (2FA) will be compulsory for boss developers.

Apple makes 2FA mandatory for boss developers

“In an effort to keep accounts more secure, developers with the Account Holder role in a developer program will need to enable two-factor authentication to sign in to their Apple Developer account and Certificates, Identifiers & Profiles,” the company announced today.

Apple’s announcement was typically brief, so offers no information about why it’s added the requirement. But it is not hard to surmise the reasons: as explained here, the Account Holder role has powers that even Admins don’t possess, including the ability to create and revoke distribution certificates with which apps are signed.

Gaining access to an Account Holder’s account is therefore a ticket to potential App Store mass-scale mischief and mayhem for miscreants. 2FA will reduce the likelihood of that happening.

The indecent haste of the new policy’s introduction is a case of better late than never: Account Holder creds are surely a known target for attackers and the lack of 2FA makes them vulnerable.

You’d hope that folks with Account Holder status would understand the need for strong passwords, but a myriad incidents show it’s seldom hard to find someone who thinks an attack would never happen them …

Account Holders will need a device running iOS, or a Mac running OS X El Capitan or later, as their second source of authentication.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
app storeapplesecuritytwofactor authentication

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?