Apple ID 2FA requires being logged in to an Apple device
| Originator: | jared.sorge | ||
| Number: | rdar://48050619 | Date Originated: | 13-Feb-2019 01:41 PM |
| Status: | Open | Resolved: | |
| Product: | Developer Tools | Product Version: | 1.0 |
| Classification: | Security | Reproducible: | Always |
Summary: The 2-factor authentication system employed by Apple requires the user to be logged in to an Apple device, where the code is then displayed. A change coming to the Certificates & Profiles section of my Developer page is going to require 2FA be activated for my account. However the account I use to manage my certificates and profiles is not logged in on any Apple device. It’s associated with my company ID, and I use a personal Apple ID on my computers and iOS devices. I’d like there to be some way to enable 2FA on my account (of course I want the increased security) without the hassle of logging in on a device. This is traditionally accomplished by one-time password URLs. Steps to Reproduce: After Feb. 27, 2019, attempt to log in to the developer portal using an account not protected by 2FA and go to Certificates & Profiles. Expected Results: Should be able to access the page. Actual Results: Unable to access. Version: 1.0 Notes: I’m not proposing that 2FA not be enforced, rather that we need an alternate implementation that does not require an account logged in to an Apple device.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!