No comments (seriously, don’t know what to say about this guy)
The problem with forcing the accounts is that for many developers that account is separate - meaning it’s not the primary account and therefore you don’t have a way to enable 2FA.
I have multiple Apple IDs, thankfully I can put the developer account on my test iPhone - but that will break a number of other things as a consequence. I don’t want to be forced to purchase a device just for 2FA, but if I can’t work around things I may have to. Let’s hope the March event has some iPod Touch announcements!
I’m also worried about this.
I use 2FA for my personal Apple ID, but I have multiple Apple Developer IDs that don’t have 2FA enabled. For me it would be fine if Apple added TOTP instead of requiring an iOS/macOS device.
It looks like Kyle Seth Gray has a workaround, which isn’t the simplest but seems to work:
Not an Apple Developer but seriously, I just don’t get 2FA as a general thing. The theory is nice bu tin practice it’s a PITA to use. I don’t agree that it offers enough added security to warrant the hassles.
MFA done right isn’t much of a hassle at all and is exceedingly valuable (but not a panacea) as a means of increasing overall security. What Apple does for MFA is… well, baffling beyond belief, but that’s in line with pretty much everything they try to do that involves online services.
I’m in the process of rolling out Duo’s MFA in a trial and it’s almost a pleasure to use. It helps that I have an Apple Watch and can acknowledge the Duo Push prompt using it