App Store requires devs in ‘Account Holder’ role to enable 2FA

App Store requires devs in ‘Account Holder’ role to enable 2FA
Ryan is an editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter: @Gadget_Ry

Apple has announced that developers with the ‘Account Holder’ role on the App Store will have to enable two-factor authentication.

The change is compulsory and will come into effect from February 27th.

“In an effort to keep accounts more secure, developers with the Account Holder role in a developer program will need to enable two-factor authentication to sign in to their Apple Developer account and Certificates, Identifiers & Profiles,” the company wrote.

Apple has not disclosed a specific reason for the change, but it could be part of its wider crackdown on enterprise security certificate abuses.

Last month, Facebook was discovered to be distributing a ‘research’ app to consumers – which incentivised users as young as 13 to share their phone and web activity in return for payment – through Apple's enterprise program.

As part of its crackdown, Apple revoked the enterprise certificates of Facebook and several other developers found to be misusing them. Access has since been restored but Apple continues to be more strict about policing its program.

In a statement, Apple said its enterprise program was designed “solely for the internal distribution of apps within an organization”.

“Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data,” it added.

The ‘Account Holder’ role allows the distribution and revocation of enterprise certificates, a power not even admins have. There’s a good chance the 2FA requirement is designed to prevent hacked accounts from abusing Apple's program.

Account Holders require a device running iOS, or a Mac running OS X El Capitan or later, as their second source of authentication.

(Photo by Michał Kubalczyk on Unsplash)

Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *