Last week, Apple informed people who have Apple developer accounts that they need to set up two-factor authentication for those accounts. They sent the following email:
In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account. If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.
This two-week warning was a bit surprising, but even more so because many people use a separate Apple ID for their developer accounts; some even manage multiple developer accounts for clients. Since Apple’s method of using two-factor authentication is device-specific – it sends codes to trusted devices – this can be problematic.
Fortunately, there is a workaround.
Start by creating a new user account on a Mac. Sign into iCloud with that account using your developer account Apple ID. You will be asked if you want to turn on two-factor authentication; go ahead.
You’ll be asked to give a phone number on which you can receive a code via SMS. Give the number of your iPhone, or whatever phone you use. When you get the code, enter it to complete the setup.
Go to the Apple developer website and log in using your developer Apple ID and password. You’ll be asked to enter a code that was sent to your device; this will be the Mac where you set up the new user account.
Ignore that code and click Didn’t get a verification code? You’ll see the following:
Click Text Me to get a six-digit code sent to your phone. Enter that code and you’re in.
Once you’ve done this, you can delete the user account you created.
It’s a shame that Apple doesn’t offer the ability to use an authenticator app to generate codes. I know a lot of developers – including myself – who were a bit confused by the email saying they had to turn on two-factor authentication, because your individual devices are used for the verification, and the same device cannot be used for multiple accounts.
And the other problem is for people who manage multiple developer accounts. Having to go through this process for each one is time-consuming. Yet another reason why Apple’s Apple ID system needs to be rethought.