Could you tell me about account security and passkeys? Our service is considering implementing passkeys, and these questions are to understand how Apple protects accounts from third parties.
① Apple website states that two-factor authentication is mandatory for newly created Apple Accounts. When did this requirement come into effect? What are the conditions for users who do not have two-factor authentication enabled?
② Apple website mentions that a verification code may be required when signing into an Apple Account from a new device or browser. Is my understanding of the situations where a verification code is requested accurate, as listed below? Are there any other situations?
- Completely signing out of the Apple Account on that device.
- Erasing the device.
- Needing to change the password for security reasons.
③ If a user is already using a passkey on an Apple device, and then upgrades to a new device, will additional authentication, such as entering a PIN code, be required to use the passkey on the new device?
Hi @umiushi,
These questions apply to all Apple Accounts and are not developer-specific, so I suggest for you to post your questions on the Apple Support Community:
Apple Support Community
https://discussions.apple.com/welcome
The Apple Developer Forums are intended to help the developer community with code-level questions about Apple frameworks and services. Thanks for understanding.
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
