2FA is now unavoidable for App developers. Upcoming Authentication Requirement for App Store Connect
Starting February 2021, additional authentication will be required for all users to sign in to App Store Connect. You can enable two-step verification or two-factor authentication now for the Apple ID associated with your developer account.
Easy, right? Two-factor authentication for Apple ID is explained clearly by Apple and easy to set up. All you need to do is visit the Security section of your Apple ID account or the Apple ID section of Settings on your iPhone, iPad, or iPod touch.
Not so fast. If you have an important Apple ID then it is crucial that you look after it. Not just for all your purchases of music, books, magazines and apps, not even because of all your iCloud email and Calendars. More importantly for a deveoper it impacts your ability to function as a developer. You rely upon it so completely that your Apple ID is literally the most important thing in your Apple digital life. It is quite possible you won't realise this until it is too late.
Think about when you set up your Apple ID. It may have been years and years ago. I bet you do know the password, but do you remember the Secret Questions? I don't. Nowadays when I set up an account I keep them in my Password Vault. I use (KeeWeb - a free cross-platform password manager compatible with KeePass (other solutions are available).
The trouble is, you need those answers to the secret questions and you need them now. In order to be able turn on Apple ID 2FA in the security section of the Apple ID website you need to know the answers to the secret questions.
If you get the secret questions wrong there is a helpful button to 'reset the security questions' which, as far as I can tell, always takes you to a screen explaining that you 'cannot reset the security questions because Apple do not have sufficient information to reset the security questions'.
This, to put is mildly, is a very bad place to be. Multiple failed attempts cause you to be locked out of making any more changes attempts to your App Store Connect account. It looks like the first cooldown period is 24 hours although this is not documented. Without these credentials one client would be locked out of all the apps developed on behalf of their customers. Not a good thing to have to explain that a new Apple ID is required to be added to their developer team. Potential reputation damage too.
How to extricate yourself from this predicament
There is a way out of this. It worked for me and I've no reason to think it won't work for you. The clue is from Apples own information. Remember though I make no warranties that it will work for you and am not giving specific advice - Im just explaining what worked for me!
All you need to do is visit the Security section of your Apple ID account or the Apple ID section of Settings on your iPhone, iPad, or iPod touch.
The answer is to do this from an Apple iOS device. It works provided you have access to another logged in Mac and the trusted phone numbers for the Apple ID.
- To be safe, wait 24 hours if you've reached the 'cannot reset the security questions because Apple do not have sufficient information to reset the security questions' page
- Make sure you have a Mac logged in and using the Apple ID you are trying to update. If you are a developer you probably do.
- Get a spare Apple device, or indeed buy a new one. It needs not to be signed in to iCloud
- Set it up from scratch using the Apple ID that does not have 2FA enabled.
- It will skip security questions and enable 2FA first trying to using the other device to ‘authorise’ and if that fails by recovery text
- Keep authorizing things with the Apple ID password until it finishes asking.
- It may ask for a macOS account password (not the Apple ID password) for a Mac associated with the Apple ID.
- Breath a sigh of relief