[Woknox]

A few days ago I was about to update two apps in the store and publish my third app. I also decided to enable the two-step verification to gain account access that day (a dicision that I very much regret right now)

It appeared that my alternate emailadress was an old emailaddress which has been deleted some years ago,.. this was the emailadres where the two-step-verification securitycode was send to. Once you start the two-step verification your account will get locked for changing information for 30 days, so I cannot do anything to get access to my account and publish / update my apps. This is horrible, I have fixed some bugs and the users of my apps are waiting for the fixes!

So I tried to get help at Microsofts service channel. This is where I got realy dissapointed...

They told me that there isn't a way around being locked out for 30 days for me... I asked them if I could proof them I'm not a hacker by providing them any information that is required for that. Told them this was realy important for me and for my apps users.

Still they told me I should just wait for the 30 days.

The mistake I have made in this scenario is to have an alternate emailaddress on my live account which is not active anymore. A small mistake, which can happen to anyone, has big concequenses.

I'm dissapointed in Microsoft for not helping me out with a problem that is important for me. I feel that I'm not being taken serious at all.

For this reason I will seriously concider to stop putting effort in being a Windows Phone developer and taking a look at oppertunities as a developer on other mobile platforms. The only reason I am developing apps only for the Windows Phone platform was because I'm a .Net developer and a big fan of Microsoft. The reasons for spending hours in developing WP apps are declining rapidly for me this way.

I'm curious if anyone of you ever had the same experience, or has some tips for me at this point.

Wilko

[David P2]

A few days ago I was about to update two apps in the store and publish my third app. I also decided to enable the two-step verification to gain account access that day (a dicision that I very much regret right now)

It appeared that my alternate emailadress was an old emailaddress which has been deleted some years ago,.. this was the emailadres where the two-step-verification securitycode was send to. Once you start the two-step verification your account will get locked for changing information for 30 days, so I cannot do anything to get access to my account and publish / update my apps. This is horrible, I have fixed some bugs and the users of my apps are waiting for the fixes!

So I tried to get help at Microsofts service channel. This is where I got realy dissapointed...

They told me that there isn't a way around being locked out for 30 days for me... I asked them if I could proof them I'm not a hacker by providing them any information that is required for that. Told them this was realy important for me and for my apps users.

Still they told me I should just wait for the 30 days.

The mistake I have made in this scenario is to have an alternate emailaddress on my live account which is not active anymore. A small mistake, which can happen to anyone, has big concequenses.

I'm dissapointed in Microsoft for not helping me out with a problem that is important for me. I feel that I'm not being taken serious at all.

For this reason I will seriously concider to stop putting effort in being a Windows Phone developer and taking a look at oppertunities as a developer on other mobile platforms. The only reason I am developing apps only for the Windows Phone platform was because I'm a .Net developer and a big fan of Microsoft. The reasons for spending hours in developing WP apps are declining rapidly for me this way.

I'm curious if anyone of you ever had the same experience, or has some tips for me at this point.

Wilko

If the old email address was a free web based one (like Hotmail, yahoo or gmail) then you should be able to recreate it. I know for certain MS delete Hotmail accounts completely after they have been inactive for a very long time. So long as nobody has taken that email address, just recreate it - or even create it as an alias in your current MS account.

[Woknox]

Unfortunatly the alternate emailaddress is my emailaddress from the time at my former employer, I called them to raise the emailaddress from the dead but they cannot help me with this either. Thanks for the tip anyway

[Nerdy Woman]

I'm dissapointed in Microsoft for not helping me out with a problem that is important for me. I feel that I'm not being taken serious at all.

For this reason I will seriously concider to stop putting effort in being a Windows Phone developer and taking a look at oppertunities as a developer on other mobile platforms. The only reason I am developing apps only for the Windows Phone platform was because I'm a .Net developer and a big fan of Microsoft. The reasons for spending hours in developing WP apps are declining rapidly for me this way.

I'm curious if anyone of you ever had the same experience, or has some tips for me at this point.

Wilko

I can understand wanting Microsoft to make an exception to security policy because they may lose a major source of developer revenue, but if you are familiar with social engineering as a means of accessing someone else's account, then you might be able to understand why they won't do that. Almost any information that you could provide as proof of identity is probably accessible to someone who might want to hi-jack your account.

If/when you regain access to your account, you'll remember this life lesson about keeping contact information current for all your business dealings. Sorry you are having so much trouble, but can't say you can blame Microsoft for this one.

[JamesPTao]

A few days ago I was about to update two apps in the store and publish my third app. I also decided to enable the two-step verification to gain account access that day (a dicision that I very much regret right now)

It appeared that my alternate emailadress was an old emailaddress which has been deleted some years ago,.. this was the emailadres where the two-step-verification securitycode was send to. Once you start the two-step verification your account will get locked for changing information for 30 days, so I cannot do anything to get access to my account and publish / update my apps. This is horrible, I have fixed some bugs and the users of my apps are waiting for the fixes!

So I tried to get help at Microsofts service channel. This is where I got realy dissapointed...

They told me that there isn't a way around being locked out for 30 days for me... I asked them if I could proof them I'm not a hacker by providing them any information that is required for that. Told them this was realy important for me and for my apps users.

Still they told me I should just wait for the 30 days.

The mistake I have made in this scenario is to have an alternate emailaddress on my live account which is not active anymore. A small mistake, which can happen to anyone, has big concequenses.

I'm dissapointed in Microsoft for not helping me out with a problem that is important for me. I feel that I'm not being taken serious at all.

For this reason I will seriously concider to stop putting effort in being a Windows Phone developer and taking a look at oppertunities as a developer on other mobile platforms. The only reason I am developing apps only for the Windows Phone platform was because I'm a .Net developer and a big fan of Microsoft. The reasons for spending hours in developing WP apps are declining rapidly for me this way.

I'm curious if anyone of you ever had the same experience, or has some tips for me at this point.

Wilko

Very frustrating, that I can definetly understand. But stopping developing because of that is a pretty strong reaction. Unfortunately security these days binds hands. If they allowed it it would be a security risk. As a developer you should understand and respect that. Still sucks though.

[Nerdy Woman]

BTW, to prove my point...

You might want to make sure that Openprovider has current contact information. Your house number is 35 and your phone number ends in 9550?

[Woknox]

Well I think you two have a good point about the security risks by just passing some personal information being too high, but I cannot beleive that this is everything they can do for me.
Is there realy not one alternative solutions for my problem? cant believe that.

I'm a Microsoft certified on a list of competentions, this combined with my ID (passport / drivers license) should be enough to verify that I am who I say.
I would hand over my ID personally to a servicedesk employee if this was possible.

What if it was about publishing apps for millions of users? If the stakes were high for Microsoft? I dont thing I still be waiting for the 30 days.

Probably I'm overreacting by saying that I consider quit developing WP development but as a WP developer I invest quite some time in the apps. For my own fun offcourse, but also to support Microsoft by improving the offer in their phone store.

In return I expect just a little bit more than just a "sorry, these are the rules... just wait for the 30 days"

[Woknox]

BTW, to prove my point...

You might want to make sure that Openprovider has current contact information. Your house number is 35 and your phone number ends in 9550?

I would agree with you if you can also post the last 4 characters of my passport nr, my driverlicense nr and my MCP ID. (Microsoft has got this data)

I know a lot of personal information becomes public, but not everything.

Besides that, a hacker can wait for 30 days too...

[Nerdy Woman]

Besides that, a hacker can wait for 30 days too...

You know hackers aren't going to wait 30 days unless they are really bent on screwing with you specifically... They'll move on to another target.

[Ebuka Allison]

Well I think you two have a good point about the security risks by just passing some personal information being too high, but I cannot beleive that this is everything they can do for me.
Is there realy not one alternative solutions for my problem? cant believe that.

I'm a Microsoft certified on a list of competentions, this combined with my ID (passport / drivers license) should be enough to verify that I am who I say.
I would hand over my ID personally to a servicedesk employee if this was possible.

What if it was about publishing apps for millions of users? If the stakes were high for Microsoft? I dont thing I still be waiting for the 30 days.

Probably I'm overreacting by saying that I consider quit developing WP development but as a WP developer I invest quite some time in the apps. For my own fun offcourse, but also to support Microsoft by improving the offer in their phone store.

In return I expect just a little bit more than just a "sorry, these are the rules... just wait for the 30 days"

Sorry man. But those really are the rules for a reason.

[David P2]

Think of it this way... what if some miscreant got hold of your account and started publishing dodgy stuff under your name - stuff like paid for apps that do absolutely nothing, or something that totally messes someone's phone up. It wouldn't be their blood the victims would be baying for... it would be yours because it's your name in the publisher section. Would you really want the potential for all that hassle and grief?

[Nerdy Woman]

I would agree with you if you can also post the last 4 characters of my passport nr, my driverlicense nr and my MCP ID. (Microsoft has got this data)

BTW, I seriously doubt that the people in customer/member/developer services have access to all the ID you've mentioned. Their records are probably limited to what you've entered in the MS ID Account Profile (and that is done to protect you. All personal information should be limited to need to know. That's a good security measure. Would you also want the CSRs to have your credit card info?). Moreover, as a way to protect you and every other user, the authentication process is no doubt encrypted and locked down. Do you really want a CSR to be able to override the 2-step authentication process that you implemented?

[Woknox]

Thank you all David P2 and Nerdy Women for your reactions,.. after some reflection I realize I shouldn't blame Microsoft for holding on to their security policy. They are doing a good job.

I reacted in anger without thinking it over, it was my own fault. Just wish I could somehow somehow update my apps a bit sooner.

[Pete The Penguin]

A few days ago I was about to update two apps in the store and publish my third app. I also decided to enable the two-step verification to gain account access that day (a dicision that I very much regret right now)

It appeared that my alternate emailadress was an old emailaddress which has been deleted some years ago,.. this was the emailadres where the two-step-verification securitycode was send to. Once you start the two-step verification your account will get locked for changing information for 30 days, so I cannot do anything to get access to my account and publish / update my apps. This is horrible, I have fixed some bugs and the users of my apps are waiting for the fixes!

So I tried to get help at Microsofts service channel. This is where I got realy dissapointed...

They told me that there isn't a way around being locked out for 30 days for me... I asked them if I could proof them I'm not a hacker by providing them any information that is required for that. Told them this was realy important for me and for my apps users.

Still they told me I should just wait for the 30 days.

The mistake I have made in this scenario is to have an alternate emailaddress on my live account which is not active anymore. A small mistake, which can happen to anyone, has big concequenses.

I'm dissapointed in Microsoft for not helping me out with a problem that is important for me. I feel that I'm not being taken serious at all.

For this reason I will seriously concider to stop putting effort in being a Windows Phone developer and taking a look at oppertunities as a developer on other mobile platforms. The only reason I am developing apps only for the Windows Phone platform was because I'm a .Net developer and a big fan of Microsoft. The reasons for spending hours in developing WP apps are declining rapidly for me this way.

I'm curious if anyone of you ever had the same experience, or has some tips for me at this point.

Wilko

In this instance, you should have checked which email you had set up to receive the 2-step verification code.
You cannot blame Microsoft for protecting their user's from potential security threats.

[David P2]

Thank you all David P2 and Nerdy Women for your reactions,.. after some reflection I realize I shouldn't blame Microsoft for holding on to their security policy. They are doing a good job.

I reacted in anger without thinking it over, it was my own fault. Just wish I could somehow somehow update my apps a bit sooner.

Golden rule of forums, or any form of communication really: "Think before you press send." If you're angry or annoyed, dump it all down on paper or in Notepad (or your favourite text editor) and read through it. You would find after doing that, there's no reason to send it out.

What I would do when that 30 days expires, is get everything changed - create a new Hotmal/Outlook account (or another free service that won't get discontinued) and get that set as your backup. And keep it active - just login to it every now and then, and maybe send yourself an email to keep the account 'alive'.

[Nerdy Woman]

What I would do when that 30 days expires, is get everything changed - create a new Hotmal/Outlook account (or another free service that won't get discontinued) and get that set as your backup. And keep it active - just login to it every now and then, and maybe send yourself an email to keep the account 'alive'.

If I could add a corollary to David's note... never, never, never use an employer's or ISPs domain for personal identification/notification or backup notification. While you may feel that you have absolute job security forever or certain that you'll never switch ISPs, you don't have control over that email address.

I finally convinced my husband to start rolling all his email correspondence over to his live.com (outlook) account, replacing the ISP-dependent account. I hate feeling I can't switch ISPs.

[David P2]

If I could add a corollary to David's note... never, never, never use an employer's or ISPs domain for personal identification/notification or backup notification. While you may feel that you have absolute job security forever or certain that you'll never switch ISPs, you don't have control over that email address.

I finally convinced my husband to start rolling all his email correspondence over to his live.com (outlook) account, replacing the ISP-dependent account. I hate feeling I can't switch ISPs.

It's definitely a pain, switching ISPs I mean - that's why I have a personal website+email account (I pay 6ish for it per month), and I use my Hotmail one for xbox mainly and other MS services.

[Pete The Penguin]

I use a hosted email service for all my 2-step verification stuff, as well as a mobile phone number as a second back-up. Yes, it's a pain but it works.

[KSilcox]

Thank you all David P2 and Nerdy Women for your reactions,.. after some reflection I realize I shouldn't blame Microsoft for holding on to their security policy. They are doing a good job.

I reacted in anger without thinking it over, it was my own fault. Just wish I could somehow somehow update my apps a bit sooner.

I use your easy analytics app. :)
Thanks for sticking with it.