A few days ago I wrote about my adventures with Apple IDs. I was able to resolve the situation by resetting the original work Apple ID I had created.
After resetting the password, I signed into the account.apple.com page. There I setup new security questions, and I set up the shipping address and added a phone number. I couldn’t reuse my cell phone number but I was able to use a freshly created Google Voice number.
Then I signed into the Apple ID in the Settings app in MacOS. Finally I opened up the App Store, and when I was asked to review my account information, it was pre-filled, and the form worked as expected. Previous the form had not be pre-filled, leading me to think I had inadvertently done something out of order.
With a working Apple ID based on my work email address, I am one step closer to separating my work and personal computing personas. I am not done, however.
I have two work provided computers: a M2 14" MacBook Pro, and the new M4 Mac Mini. The MacBook Pro still has the previous generation JAMF remote management software in place, which has less strict policies. I can use Passwords on that machine. I expect JAMF to be replaced at some point (likely with little or no warning), so I want to migrate it to the new Apple ID. Lots of things are tied to ones Apple ID, so I need to make sure I have back ups, and know which settings and apps will need to be redone following an Apple ID switch.
The other place where my work and personal worlds collide is GitHub. I’ve been using my personal account for work. I added my work email address, and I use that when doing any Git related work for my employer, but it is still my personal account.
Where this gets messy is two-factor authorization. What started all this was the inability to use the MacOS Passwords app under the Intune remote management policies in place. Passwords is where the 2FA token for my GitHub account is generated. (Yeah. Using the same software to store both the password and 2FA token for an account defeats the purposed. That’s a problem for another day.)
If I don’t create a work GitHub account, that has its own 2FA token, then I’ll have to use my iPhone or personal laptop anytime I need to provide GitHub with a 2FA token. Cumbersome, but doable.
If I do create a new work GitHub account, there is some work to be done to get me added to the organization, and setup on all the teams and repositories I have access to. Not much work, but some.
My configuration for Git (and most other tools I use), is stored in a “dotfiles” repository. Recently I read Configuring SSH Keys for Multiple GitHub Accounts, which shows how to setup your Git configuration to seamlessly switch between GitHub accounts. By employing that, I could keep a unified Git configuration in my dotfiles repository, and use separate accounts for my personal and work Git activities.
All of this may seem like a lot of work for very little gain. It may even seem unnecessary, but as security concerns at work are generating more and more controls and checks, I want to have as much separation between my stuff and their stuff.