by rantallion 1429 days ago
> How is this acceptable? Of course, the support told me that my data is secure ... so secure I cannot access it!

Well, this is kind of the point. You may or may not remember that mere weeks before Apple rather forcefully encouraged people to set up 2FA, numerous female celebrities had their accounts breached and rather personal images leaked to the world.

When you were prompted to set up 2FA, you were given warnings (on multiple screens, no less) that no-one can help you recover the account if you lose the details. I believe there was also a single chance to save recovery codes, though I'm not sure if the process has changed in the time that has since passed.

This one's on you. Apple support aren't going to get you back into an account for which you cannot provide the security answers. Those were your proof that you are indeed you.

2 comments

As the sibling comment is saying, I never set up 2FA on my account. When I do, I'm using TOTP and store backup codes. Apple decided to force 2FA and use security questions as the second factor on my behalf.

On top of this, many companies provide customer support to reset 2FA with another way to verify who you are.

> When you were prompted to set up 2FA

My understanding is that OP did not set up MFA, they provided random answers to security questions which were (at that time) used only as an account recovery mechanism. My further understanding is that Apple unilaterally changed the account policy to require MFA, and automatically used those security questions as a (presumably temporary) second factor.

From my reading of the first few search results, this MFA requirement doesn’t apply to all accounts (and alarmingly MFA isn’t even available to all accounts?!). It seems likely to me OP has a developer account, which would have the MFA requirement.

It’s not clear to me how Apple migrates any account when they make their auth policy stricter for that account. If Apple did in fact change policy such that OP was previously able to gain authorized access by password, but subsequently was not with no action taken by OP, Apple should provide some alternative means to regain authorization—even if only to recover purchases, which would harm no one.

Security is an imperfect spectrum which coexists on another imperfect spectrum of convenience. The previous mechanism was effectively like leaving a key under a hypothetical doormat. OP’s description is that Apple placed a new lock inside the door they can already enter, demanding OP produce a key Apple left under that doormat as a matter of convenience in case the previous key was lost. If you told me that one day I might need a former convenience I don’t use and didn’t ask for to enter my home, well… it’s my home. If my home is a rental, I’d have the right to recover my belongings (and to complete the term of my lease, but this is where the abstraction breaks down because digital services have very few consumer protections).

OP certainly isn’t entitled to any further service from Apple. But they’re certainly entitled to the goods they’ve already purchased. Even if the terms of service (almost certainly derived from or similar to the butt of joke iTunes ToS) disagree. Apple can’t morally just put a lock inside your door and claim it owns what’s behind that.

I’ve intentionally buried this disclaimer: I like Apple products and have been a customer since the 1990s. I expect more of them than this. I left this til last because I think the above is pretty straightforward and my loyalties to a brand should not influence that.