Widespread Reports of Apple ID Accounts Being Inexplicably Locked

Originally published at: Widespread Reports of Apple ID Accounts Being Inexplicably Locked - TidBITS

If your devices mysteriously ask you to reset your Apple ID password and then lock your account, you’re not alone. Unfortunately, there’s nothing to do but go with the flow.

I’m one of those unfortunate folks with 2 Apple IDs (one from iTools perhaps? System 9?), and only the mac.com Apple ID was affected. Does seem ok now after I went through the multiple logins with a new password.

Parenthetically, I was a bit paranoid last night about the password reset because about an hour before, I had received a “pig butcher” chatty text message,

complete with a photo of a young Chinese girl, and a few hours before that had purchased lunch via an online ordering site at a new-to-me Asian restaurant using my mobile number as my account.

I assumed all 3 were related, but perhaps only the “pig butcher” and restaurant were related. Or perhaps just coincidence and coincidence and coincidence?
¯_(ツ)_/¯

It happened to me last night around 6:00. Suddenly my TV, iPhone, iPad, and Watch all wanted me to re-enter my Apple ID password. Probably my Mac too, but I wasn’t looking at that at the time. After a couple rounds of correctly entering passwords and six-digit codes, I was told I had to reset my password. It worked, but it’s a little nerve-wracking wondering if there’s some weird phishing going on or if I’m going to get locked out of my account.

I’ve been plagued with frequent “your iCloud id has been locked for security reasons”. I ran into problems two weeks ago where I couldn’t unlock it (iForgot Apple ID reset not working?) – I suspect that was a system problem.

So, I wasn’t surprised when yesterday evening (5 PM CDT) I had to unlock it again.

What was surprising was what happened later in the evening, when I was hit with the problem described in the article. All my devices wanted me to sign back into iCloud, but I couldn’t, because the account was locked. But, when I got past the identity confirmation tests, it wanted me to change my Applid ID password.

That’s never happened before. I don’t like changing it, because doing so removes all your generated app passwords, so you have to recreate them.

I just finished repairing everything, on all my devices. Had to sign in again to Messages and FaceTime. Is there anything else that requires a separate sign-in?

This is getting annoying. I appreciate Apple’s security in the face of what’s likely a continuous onslaught of Apple ID guessing attempts, but I sure wish there was a way they could do that without so much inconvenience. I don’t have this problem with any other id.

One more thing… I bet that Apple ID getting locked is more common than people realize. For more purposes, it doesn’t affect you – you can continue to use iCloud services using some kind of cached credential. But I see it within a week, because iMazing app downloads and checking issue status on the Apple Feedback Assistant both require an unlocked Apple ID.

I’ve only got one Apple ID and it’s on a custom domain. Still got locked out for no reason. Had to make a new password.

Yeah I get this too. Sometimes it’s using “Sign In with Apple” on a website I’ve used before and it says my account has been locked.

However last night was different in that I got a pop up on my Mac telling me my Apple ID was locked. Haven’t seen that before.

I’d assume coincidence. I get several probably-phishing texts every day. Usually with messages like “Hi, Biran, how’s your Mom?”. Always from a different phone number (so blocking numbers doesn’t help). Always an innocuous sounding message. And for some reason, always calling me “Brian” (I wonder if some scammer database has that associated with my phone number). I always delete them and report them to Apple as junk, but they never stop coming.

I assume that if I would respond to one, I’d end up talking with a chatbot programmed to exfiltrate data that could be used for identity theft.

I don’t think server glitches like this are new either, although locking Apple IDs is new (at least to me).

When I was running Catalina and Big Sur, I would occasionally get a flood of authentication problems from all of the Mac’s system services, each one asking for my keychain password. Canceling the request or providing the password would do nothing. I’d then reboot and all would be back to normal.

I suspect there was a memory leak somewhere in the system, because it would only happen if the system was up and running (and logged in) for a long time (over a month). And after upgrading to Ventura (and then the forced-upgrade to Sonoma), the problem has not (yet) recurred.

I’d also find (again, on that Big Sur system) that the system would seem to lose my Google login credentials. I’d get a popup telling me that I need to re-authenticate that account, almost always at the same time as I’m shutting-down or restarting the computer. Then I’d have to re-login to Google (including 2FA, and then receiving a flood of “there was a new login on…” messages sent to my GMail account and all of my Google account’s alternate e-mail addresses) in order for various Mac services (calendar, contacts, etc.) to regain access.

But this (so far) also stopped after the upgrade to Ventura and Sonoma.

Happened to me last night. Just returned from an overnight trip and bam…there it was about 10PM.
I was able to reset my password, but then had to re-log all devices, and re-set Application specific passwords.
A real PIA!

No idea why?

Same thing happened to me yesterday with two different Apple IDs, wiping out all app-generated passwords.

Apple services have become more trouble than they are worth to me.

My wife and I are good so far. I use a non-Apple domain Apple ID (i.e., it’s not an iCloud, mobile me, or dotMac account); she uses a .me account, and is away and traveling for the weekend. Thanks to reports here, and the supporting articles from Michael Tsai and 9to5mac, I was able to warn her it might happen.

What was different was being asked to sign in with my password in the middle of an Apple TV+ movie. I have never had that happen before.

The thing that was apparent was that how the Apple ID is the bottleneck for everything Apple. If I want to use an app on my iPhone or iPad, that app has been purchased with my ID and that needs to be verified first. Without that sign in, your device can make phone calls, but not perform as a computer that I can see.

Happened to me last evening, too. Compounding the problem was that after resetting all my devices, the AppleID website wouldn’t let me generate an app specific password (ASP). It kept telling me that my account was still locked. This, despite being logged back on to all my devices and into the AppleID website using my new password! After about an hour with Apple support chat and then escalated to a higher tech via phone, they had me clear my Safari history and sign back in through the iforgot.apple.com website. That eventually allowed Apple’s system to unlock the account and let me generate an ASP without having to resort to another account password reset. Phew…

I experienced this yesterday afternoon. I have a .mac account. Normal steps to verify and unlock failed to work. I am running Ventura on a MacPro 7.1 (2019) desktop. I literally spent hours trying to find a workaround given the number of devices I have and how my Apple ID is being utilized. The last thing I wanted to do is reset my password due to the impact it has on other devices and tools I use.

I called Mac support and spoke to a senior advisor. While empathic, the effort was totally useless and unhelpful as workaround could be offered, claiming their was none. He also failed to acknowledge this was a worldwide issue affecting users all over and to take and made no attempt to have Apple take responsibility for the issue. Of course I did not know it was an worldwide Apple issue until I read this article.

Here is what I know about it so far:
• Normal steps to verify your Apple ID to avoid resetting your password will not work.
• To the best of my knowledge there is no workaround. You force to reset your password to a different on that you have not used in the last year.
• You cannot reset the one you were using for one year.
• Apple supposedly cannot or will not delete any current or previously existing passwords.
• To the best of my knowledge this issue or any issue can no longer be escalated above an Apple senior advisor level.
• Apple so far to the best of my knowledge has not made any announcement about this issue to its customers. For all I know Apple could have experienced so kind of security issue or breach and decided to have all, or a select group of users, be forced to reset their password without informing its users about this, thus dumping a possible Apple security issue into the hands of its users to fix it.

This issue is most surely causing grief, frustration, lost time and productivity to all who experience it. It does not seem to be related directly to macOS but to the Apple on-line support system managed by Apple via its security and server infrastructure. Given it seems to be an Apple issue and not a user issue, in my opinion Apple needs to be held accountable for this issue, financially for the lost time and frustration of its Mac users or offer some form of compensation for the issue for the lost time interruptions for users that have to fix it and lost productivity. While I lack the necessary knowledge and resources to initiate this, hopefully someone reading this might be able to.

Additionally Apple needs to proved tools to users and through Apple Support to allow users to verify their ID without resetting their password for legitimate cases where the standard protocols do not work such as what has happened with this issue. Currently to the best of my knowledge that does not currently exist. Users and customers should not be held accountable for Apples mistakes. It is past time for Apple to stop acting like ‘Big Brother’ and once again adapt a paradigm of being customer and user centric.

I am of the opinion that Apple Senior Support Agents or a special subgroup should have the tools that after taking steps to validate the requestor be able to manage password issues in a way that does not require the requestor to reset their password, especially when they are not responsible for the issue. Users should be responsible for their password protection not Apple, other to secure their infrastructure from improper access to protect users from hackers and malware. If a user fails to protect their password or decides to use a compromised password that should be the users choice and responsibility and if so the user should bear the responsibility for doing so and the consequences for not doing so instead of Apple acting as ‘Big Brother’. That said if Apple wishes to provide tools and protocols to assist users to manage and protect their passwords I am fine with that, but it should be a user decision to use them, not Apple.

It is past time to hold Apple responsible for it overbearing behavior especially at times when such behavior presents a disruption to their customers and users lives.

Update: I just found out this evening that when resetting the Apple ID password it also without notice, deletes all the App specific passwords and all of those have to be reentered. By deleting them without warning or notice there is no record of what App specific passwords were set. So unless a user was aware that this can happen so they can take a snapshot of what they are, it becomes a user exercise to figure out what App Specific passwords were utilized. This can be a major time consuming issue if the user has a lot of Apps, especially if an App Specific password was created years ago for a rarely used App. Since creating an App Specific App is a multistep time consuming process, if a user launches an App that is vitally needed at a critical time this can ruin someone’s day. If it happens while driving and using CarPlay the consequence could be tragic due to driver distraction

Another pain is that we are trying to enter the new password for our watches, but when we paste the password into the pop up “keyboard” (actually only a text field) and press Done, it does not pass the text to the watch. Any other way of doing this?

I got an account locked error a couple of weeks ago when I tried to log into Apple TV+ on my Amazon FireTV. Didn’t think too much about it since I had other ways to watch content. Then last night, I kept getting prompts on iPhone and iPad to re enter my password. Had to to through the routine of resetting my password which didn’t go smoothly - I have Yubikeys on my account. Was successful finally but was a pain. Didn’t happen with my wife. I’m away from home right now and do have enhanced security turned on.

Has not happened to me. Yet. Hopefully not in the future. I don’t have an iPhone, Just a Mac Mini, and a iPad, and a single Apple login.

Another is iPhone “Call on Other Devices” (integration between the iPhone and my iMac) was off, and it wouldn’t let me turn it on. It gave an error that FaceTime had to be signed into the same account as iCloud. But it was. The fix was to reboot the phone.

I, too, experienced this exact experience yesterday evening around 6:30 or so. It first popped up while watching a baseball game on my Apple TV. It quickly started also showing up on each of my other devices—second Apple TV, iPad, Apple Watch and iPhone. It required about an hour of my time, and left me somewhat frustrated. Prior to today’s Tidbits article I was unaware that this was a widespread occurrence. I’m now considering independently initiating my own resetting of my Apple ID password through iCloud just to be safe. Thanks for this heads up, Adam.

Happens all the time. Apple should know passwords get simpler every time they do it, making it less safe for everyone.