Today, Apple sent out an email to all members of its developer program, saying that they'll have to use two-factor authentication to access their account, and Certificates, Identifiers, & Profiles, beginning on February 27. The firm has been requiring this for new Apple Developer members for some time, but now it's finally going to be required for everyone.
Here's the full text of the email:
"In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account. If you haven't already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.
If you have any questions, contact us.
Apple Developer Relations"
Obviously, this won't have much of an effect on developers that have two-factor authentication enabled already, which is presumably most of them. Developers seemingly would have a better understanding than the average person of the security risks involved in not having two-factor enabled.
One issue that developers might run into with this is if they use two separate Apple IDs, one for their personal devices and one for development. Apple's two-factor authentication doesn't work via SMS like many others. It sends an alert to another one of your Apple devices, the user clicks approve, and then a six-digit code is displayed that the user enters on the device trying to access the account. If that user doesn't have a device logged into the same account, then they can't access that account.