Janky Apple ID Security
I had another instance of my Apple ID mysteriously being locked. First, my iPhone wanted me to enter the password again, which I thought was the “normal” thing it has done every few months, almost since I got it. But after doing so it said that my account was locked.
Unlocking the account would require a 1-hour Security Delay, it said, because I had Stolen Device Protection enabled, and I was not at one of my familiar locations. I was at home. But I went to Settings ‣ Privacy & Security ‣ Location Services ‣ System Services ‣ Significant Locations to check, and for some reason the only location in the list was the grocery store that I go to once every two weeks. It didn’t figure out the location of the home/office where the phone spends nearly all its time and which is identified as Home in Apple Maps, Contacts, and Find My.
So I went to my Mac, where there was no delay to unlock the account. However, unlocking didn’t work. It had me enter the password, texted a code to my phone, and then wanted me to enter the password again, but the sheet was broken. I typed the password and clicked Sign In, and the button stayed grayed out, showed a spinner, and then stopped, but it neither accepted the password nor showed an error. It just got stuck with Sign In disabled. Isn’t the new System Settings great?
(Several of the other Apple ID–related sheets have odd layouts and non-standard behavior. If I were not already familiar with this being the unfortunate status quo, I might worry whether they were fake UI trying to phish me.)
(The iPhone version of System Settings also got stuck in a weird state, where the Apple ID Suggestions screen was showing a spinner and a Continue button that didn’t work. And the whole app was inset with a black border around it. I had to force-quit it. And then it got stuck again the same way.)
The only thing to do was to click Cancel to get out of the sheet. Both of my devices kept popping up alerts about signing in to my Apple ID, and I still didn’t want to wait an hour, so I quit System Settings and relaunched it. I followed the exact same procedure as before to unlock my account, but this time it let me do so using my Mac’s password instead of sending a code to the iPhone. And this time the final sheet asking for my Apple ID password worked.
The good news is that the phone automatically unlocked and made the Apple ID services available again. I didn’t have to enter the new password there.
The bad news is that I had to choose another new password for this account. And everything about this process made me feel less secure. If Stolen Device Protection doesn’t work properly, is it going to cause me real trouble sometime? Maybe I should just turn it off. Is there any way I can run my devices without them relying on my Apple ID? Alas, I don’t think so.
(I have another Apple ID that I use on my test Macs, and for some reason it needs to be unlocked every time I use it to sign in to a new installation. I’ve never been asked to reset its password, though.)
Previously:
- Stolen Device Protection in iOS 17.3
- Secondary Apple ID Mess and Inadvertent Password Reset
- System Settings
- Apple System Status Page Needs to Switch Off Its Reality Distortion Field
Update (2024-04-26): Dave Wood:
WTF #Apple. I’m minding my own business, and get an alert on my watch & phone. “Sign in with your AppleID”. Ok, why? I enter my password anyway. Then: Locked out. WTF? Then worse. I can’t unlock my account for an hour because I’m not at a familiar location. I’m home. Where I rarely leave. If my home isn’t familiar, where the hell is?
Same exact thing happened to my wife’s account earlier today.
Both of my apple IDs just got locked and hour ago. Passwords were over 2 years old so okay, that’s probably for the best but I changed the first one while taking off from Atlanta and then when I landed in charlotte, my other one also wanted to be changed. Did it on iPad since the lock was active on my iPhone. I have 2 Mac’s at home that will need to be updated to the new passcode when I get home. I thought it’s just because I was out of the country and Apple flagged both.
Not 20 minutes after reading your article the same thing happened to me, including having to set a new password. Weird!
Although I was at home and Stolen Device Protection did recognise that.
This happened to me less than 10 minutes ago
I also had this happen to me tonight. Probably a silent forced password reset for an intrusion or something
Xcodes is causing serious problems with my AppleID (apple keeps locking it for “security reasons”).
The same thing happened to me and I wasn’t using Xcode. A few people got password reset requests this afternoon
Marc:
Same things here, and it also wiped out my application specific passwords which caused problems with several apps.
Same boat. Watch, then iPhone, Mac, and Apple TV all did this. I spoke to a chat agent about it, and they wouldn’t tell me what happened, only that “sometimes random security improvements are added to your account”.
leo:
Happened to me this afternoon
I got this on an old iPad used for listening to podcasts in the kitchen about 8pm, then all devices were locked. Only after many attempts I got my MBP connected and the iCloud pw reset. Then I could start getting all other devices unlocked with the new password.
It felt more like a hack than something Apple intended.
Anyone else have their Apple ID locked tonight randomly? I had to re-login on all my devices after a password change and a reset of all my app-specific passwords...
Apple’s System Status webpage doesn’t indicate that any of its services are having issues this evening. Still, it’s clear based on social media reports that something wonky is going on behind the scenes at Apple.
Update (2024-04-27): See also:
I had to generate a new app-specific password and add it to Fantastical before it could sync.
Although my iPhone didn’t ask for the new Apple ID password, iMessage silently failed to work. It never asked me to log in again; it just stopped receiving new messages. I toggled it off and then on again, and then it started working for new messages, but the ones sent in the interim never synced down from iCloud.
My secondary Mac did ask me to enter the new Apple ID password. It also silently stopped receiving new iMessages until I launched the Messages app, at which point it did prompt me to log in. It also never synced up the messages received while it was logged out.
same here with the significant locations messed up.
My iPhone’s “Significant Locations” aren’t that. Apparently I live in the woods 2km from my actual home, and the fact that I can’t get more details about the other 100s of location records it saved isn’t building confidence
Happened to me last night also. Had to create new password and enter new one on every device. The watch was the worst because the iPhone keyboard doesn’t allow password manager fill and had to get another device view and key on iPhone. Didn’t work after 3 attempts so I canceled out. Went back in to Settings on watch and I was logged in. Overall, took at least 1 hour to complete for all devices. And the initial unlock/reset took at least 3 attempts. Not a warm, fuzzy experience.
I just checked on my own iPhone, and the only two “Significant Locations” listed in Settings → Privacy & Security → Location Services → System Services → Significant Locations are “Work” and my favorite (and truly oft-visited) grocery store. But the “Work” location is centered three entire city blocks (~0.2 miles) from my home, which leaves my home just outside the radius that counts as that location. Luckily I wasn’t hit by this account lockout, but this also reassures me that I’m right to not yet have enabled Stolen Device Protection.
Update (2024-04-28): Nick Heer:
It is unclear to me if it is affecting only accounts associated in some way with a developer Apple ID. Neither of my Apple IDs — both of which are connected to developer tools — were affected by this problem.
This problem is about eighteen hours old. It would be useful if Apple said literally anything useful to acknowledge the issue.
I do not use my regular Apple ID with the developers tools, and my developer Apple ID did not need to be unlocked.
When your iCloud/Apple ID starts acting up in weird ways, throwing you in a Kafkaesque loop with a “locked” account and a password reset process that ends in a useless “try again later” error message, while System Status remains solidly green for all Apple services, don’t bother calling Apple about it. Even they don’t know what’s going on. Wait until the next morning, and try again, and find that somehow this time the password reset actually works.
I checked my “Significant Locations” and all it has is a water park we went to for the first time in my life last weekend. Not my home that I literally spend 90% of my time in and is marked as My Home in Apple Maps.
Okay. Being forced to change passwords for no reason on about a thousand devices is bad enough. Now it won’t even accept my new password when trying to generate the dozens of app-specific passwords I need.
I got hit by the Apple ID bug last night. And the poor copy and layouts also had me considering my entire machine had be hacked. It was a mess.
Oh christ, the Apple ID reset borked my Apple Wallet.
I need to verify (?) my cards again, of which there is no button or method. And how does one even verify Apple Cash card?
[…]
Oh great, Family Sharing was turned off and errors out.
Name and Photo Sharing too. Just gone. (Even after reboot.)
Aaaaand iMessage it out of sync between devices.
Update (2024-04-29): I continue to see new reports from people encountering this, as well as reports that Apple Support continues to tell customers that there is no widespread issue. It’s disappointing that new people were still encountering the problem at least two days later and that Apple has yet to post anything on its System Status page or provide any information at all.
I decided to disable Stolen Device Protection on my iPhone, which was at home, and iOS said there would be a one-hour security delay because I was not at a familiar location. 🤦♂️ It said I would get a notification when the delay ended. Several hours later, the notification never came, and Stolen Device Protection is still enabled. 🤦♂️ I am now more determined than ever to turn it off because I do not trust that the delay works properly. I went back to the grocery store, but now that is no longer listed as a Significant Location. The only location it now shows is a gym that I rarely go to and which I last visited less recently than the grocery store. 🤦♂️ However, it did let me turn off Stolen Device Protection when I got home, so maybe the delay works and it’s only the notification that’s broken.
I checked what my iPhone considers my significant locations. It’s disabled! So I have no significant locations. How does the system let me enable Stolen Device Protection without it turning on significant locations?
and my AppleID is locked again. So many horror stories with iCloud locks that this is the most careful I am resetting a password ever.
Password not working for my Apple ID, ok.
Try to reset, but since that’s not the “iCloud” account synced to my device but the store account, none of my “signed in devices” get notifications.
So now I have to wait three more days until I get a text to my number to reset it…
Significant Locations shows 55 records on my iPhone, but it only shows one recent location. There’s no way to tell the iPhone which locations you want to consider significant, such as your home or work location, so if you have Stolen Device Protection on, you’re at the whim of Apple’s location services.
I’m not sure what’s going on here, as I’ve seen screenshots from others showing multiple locations. My iPhone shows only one.
This event points out one of the risks of depending on an Apple ID. As more people depend on iCloud, getting locked out of your Apple ID can have devastating consequences. You cannot use iCloud email, IMessage, or FaceTime without this account. You cannot access personal or even work documents if you store them on iCloud. And you cannot use third-party apps that depend on iCloud, such as a calendar or contacts app.
Since an e-mail address can be necessary to access accounts (for verification or if the password needs to be reset), I think it’s a bad idea to to use an iCloud address as the login for any important accounts. This also makes me think twice about using Apple Passwords as my authenticator (actual passwords are in PasswordWallet). Hopefully, I would still be able to use the authenticator if my account were locked because the information would be locally cached. But we all know that iCloud tends to discard cached data for seemingly no reason.
Given the scope of this issue, Apple should explain what happened. Many users were worried that someone had accessed their accounts and rushed to reset their passwords, thinking that their data could be stolen. It’s unclear how many users were affected, but users in many countries had this password reset, and some people even reported this problem occurring as late as Sunday. At the time of this writing, on Monday, April 29, Apple has said nothing.
As usual, Apple screwed up, and as usual, instead of owning up to it, they are just pretending to themselves that it never happened.
In other words, Apple are being their usual arrogant selves, at the expense of their users.
Update (2024-05-01): Pierre Igot:
BTW, unsurprisingly, search for “significant” in Settings in #iOS returns… ∅. “Significant Locations” is actually under Privacy & Security › Location Services › System Services.
[…]
Whatever they might write, a search for it (“significant” or “familiar”) in System Settings in #iOS still returns zilch.
See also: Adam Engst.
Update (2024-05-03): Warner Crocker:
Apple (hell all companies because every company is online and subject to hacks) owe users open communication at the very least. Equally as important, Apple owes its own tech support personnel open and better communication on these problems.
[…]
I won’t go into a blow by blow account with my iCloud Migraine issues. You can find those specifics in blog posts here, here, here, and here. That said, having to re-log into Messages after this event leads me to continue to believe that Apple has deeply rooted issues with iCloud. I’ve been fighting these issues (and Apple) for well over a year.
Update (2024-05-07): Pierre Igot:
Latest chapter in the fallout from Great Apple ID Password Reset of April 2024: Yesterday, I tried to send a message from my mac.com email address, which is my Apple ID, using Apple’s servers, in MailMate. Because Apple BARELY supports (very begrudgingly) third-party mail clients, you need to define not one, but TWO app-specific passwords for MailMate, one for receiving mail and one for sending mail.
[…]
The site… asks me to log in again. (I just did!) Fine. THEN it asks me to… confirm my Apple ID password. I then enter my NEW password (the one I reset last week), and… it tells me it’s the wrong password! I try again and again and… same thing.
So I log out altogether on the Apple ID web page and start from scratch, this time logging in with my Apple ID and the (same) new password (instead of the passkey). It works (wait, didn’t you just say the password was wrong?), but… now Apple says my account has been locked again!
Update (2024-05-09): Andrew Escobar:
Apple ID is either broken or being updated ahead of WWDC.
All my app-specific passwords were wiped when my account was locked on April 24[…] and I still can’t set new ones.
I’m concerned Apple hasn’t even acknowledged the Apple ID indecent on Friday, April 26.
Update (2024-06-20): Eric deRuiter:
I’ve confirmed with Apple support that this is the intended behavior. Even at home or a familiar location there is no way to disable Stolen Device Protection if FaceID doesn’t recognize your face. You must wipe the phone and restore it from backup.
The choice is between using Stolen Device Protection to protect against rare method of taking over the phone while accepting the risk that a failed FaceID requires the reinstall of the phone VS not having SDP on.
Update (2024-07-03): Marcin Krzyzanowski:
apple what is wrong with you? accounts are randomly locked without any reason given. sometime unlock by itself
Update (2024-08-01): Apple locked my account again, and I was not able to unlock it from my Mac. It kept reporting unknown errors after I entered my password. I couldn’t even sign into the Mac with a different Apple ID because that requires signing out, which you can’t do with the account locked because you need to turn off Find My Mac. The solution was to unlock my Apple ID on the Web, and then I was able to sign into it on the Mac.
Previously:
Update (2024-08-07): Jim Dalrymple:
Apple keeps locking my account and forcing me to reset the password. This is getting frustrating and out of hand.
I’ve had to unlock my accounts probably a dozen times in the last week.
Update (2024-12-09): I again ran into the bug where iOS imposed the security delay even though I was at home and passed the biometric authentication. I also heard of another user who was locked out of a device because Stolen Device Protection is enabled—so that more than the passcode is required—but biometric authentication is not working.
63 Comments RSS · Twitter · Mastodon
Hmm, I just had my Apple ID get mysteriously locked too. That process is pretty sketchy feeling, and I'm at home, with all my devices at hand.
Same thing for me. I’m turning off Stolen Device Protection. What a disaster if this happens while traveling or anywhere but home
Same things here, and it also wiped out my application specific passwords which caused problems with several apps.
Had to create new passwords for each of them.
Took a while to get everything reconfigured and synched on my MacBook Pro and iPhone.
I have been plagued with this for months. My iCloud account locks every 1-2 days and I have to unlock it. Sometimes I can unlock it without a password, other times I need to change it. I’ve phone Apple support and they’ve been mostly unhelpful.
The EXACT same thing just happened to me. Was convinced someone was trying to hack me, and it didn't seem like I was going to be able to get back into my account.
Apple seriously needs to get this sorted - It's discouraging me from ever trusting them again.
I have the security delay set for "always" instead of at familiar locations. Is there a reason an hour delay is infeasible? Its not like your data is gone for an hour, it just cant sync, right? That seems better than a stolen phone and account...
@Anonymous In theory, it should be usable, though semi-offline, for that hour, but it’s really annoying to have it keep popping up alerts asking me to log in, and I have low confidence that the system and apps are well tested in that state. I figured it would mess up the movie we were about to watch on Apple TV. Also, the brokenness makes me worried that there are other problems with this feature. Like maybe it will escalate to a longer delay than what it’s supposed to or require another device to unlock. The feature sounds good, but I no longer trust it and would prefer something simpler and more reliable. I’m careful about entering my passcode in public.
Earlier tonight it popped up on all three devices I was actively using (Watch, TV, iPhone) and demanded my Apple ID password be reentered in Settings. I just tapped Not Now until it went away, which took 5 or 6 taps, then it would go away for 5 or 10 minutes and come back. It did that for three or four cycles and then stopped entirely. I just assume that something failed to renew a token due to a server being down or glitching. I’ve seen it do this a few times in the past and it usually clears itself up.
I don’t have the security delay enabled, FWIW.
So happy (and unhappy) that I read this today, a couple of hours after the same thing happened to me. I did a Messages chat with Apple Support to resolve this, which eventually involved resetting my iCloud password and now reconnecting on all of my personal devices. And our Apple TVs. And probably something else. So annoying. But sort of glad I am not alone.
I had the same thing happen on April 4th with an account only used with one computer. I was able to unlock it without any problems and changed the password. A couple days later I kept getting a dialog telling me that it couldn't log into iMessage because of a problem with the account, which was weird since I've never used iMessage with this account/computer. A Google search suggested an error, and restarting the computer made it stop.
Concerned, I tried to look for account activity, but couldn't find it anywhere. (This might be because I've turned off most analytics and logging though.) A search suggests that there isn't one beyond a list of devices associated with the account. I requested a download of my Apple ID data, but it didn't show anything useful. Both Google and Microsoft will show account activity, and Microsoft will even show unsuccessful login attempts.
I'm a bit relieved that I'm not the only one this has happened to, but now I'm wondering if something is happening at Apple. A failure or intrusion?
This is driving me crazy, can you please layout how to do it without having to use your phone number? It’s not recognizing it, my Mac.com account stopped getting emails at 4:10pm this afternoon. I get to the part about having to unlock my account by verifying and changing my password, but here comes the phone number option and it’s not working. This includes doing it on the web. My devices aren’t recognizing each other- ugh this sucks
Oh thank goodness it wasn't just me, was drifting to sleep when I got the notification, thought I'd been hacked. Essentially the same symptoms as Michael except I was also asked to find another device (iMac, in other room) to unlock, which was showing both a system dialog saying that FaceTime needed me to sign in again and the notification for my account being locked, which just took me to the iCloud pane, security section, to change my password, which I had no choice but to do, after backing out of that broken password verification sheet, but at least I'd bypassed the stupid stolen device protection delay, which I will probably still not turn off. All very shitty, and I'm now very, very, very glad that my passwords are all locally stored in Strongbox, the vault on my NAS, accessible through a VPN under my control with no Apple bits involved. I checked my iCloud Drive for any text files, made sure none of them were absolutely critical to authentication, also discovering that my app-specific passwords no longer worked (FFS!) and that my AirPods pairing keys had been zapped, even when I restarted everything, and even though they showed up fine in Bluetooth settings and could still be manually connected. Took the opportunity to look through and correct all my passwords to ensure everything was accounted for including my new Apple ID password, which in fairness benefited from a change after many years and probably woke me up to do a task that I would have otherwise put off, found during this process that Strongbox, though not perfect, really is the right choice for me; highly recommend. So all in all just a really great way to be woken back up, not. Now having some tea, listening to an audiobook, and ranting on the Internet. Thank you Apple, your momumental incompetence is truly unmatched. Have one of these Apple stickers.
Had this happen and it really bothered me. Phone told me I could verifiy using one of my other devices but all of them were locked as well, but would let me send a code to the phone via SMS, which lead to a password reset. Talked to Apple Support to see if there was any insight as to *why* but they couldn't tell me.
Weird inscrutable issues with Apple's black box services is why I'm trying to transition away from them as much as I can. Unfortunately there's nothing I can do about having an Apple developer account so long as I'm an Apple developer.
Pro tip: most of the app-specific passwords were actually former SMTP credentials, now obsoleted by having a single OpenSMTPD relay set up on the network. So set up a relay, tell all your apps to use that, make sure the one password is correct in the relay configuration. Bonus: errors are even reported when you are offline (you won't get them till you're back online and your SMTP server has relayed them to their final destination where you'll pick them up and read them, unless of course you are running a local mail server).
This just happened to me when I got up Saturday morning in the UK. After resetting my Apple ID password on my phone, I have to do it on my watch, my iPad mini, my iPad Pro, my iMac, my MacBook Air, my Mac mini, my Apple TV… i’m not sure if I also have to do it individually on my five HomePods – four of them in two stereo pairs, which might mean just one password reset per pair. Not to mention apps specific passwords for a couple of apps I use. Thank you Apple for making me waste an hour or two on Saturday morning.
The same thing hit me last night seeing it first while watching Apple TV then all devices. I do not have Stolen Device Protection turned on. Whatever glitch caused this it also wiped out ALL App Specific Passwords I have. Noticing this morning that things like Reminders are syncing slowly if at all.
As I've come to rely on iCloud more -- Ulysses writing projects, medical records shared between desktop and laptop, snapshot photo archives, among many other uses -- this terrifies me. Getting permanently locked out of my Apple ID would be devastating. I realize this is not exactly what we're talking about here, but it has happened to people, and the recent shenanigans sort of points to the potential of it. It's not clear to me that we (i.e. humans) can build and maintain systems of the complexity we've unleashed. The pace of "improvement" is greater than the pace of maintenance, IMO. The fact that all this is managed by Eddie Cue, noted happy-go-lucky sports and race car enthusiast, is not encouraging. iCloud shouldn't be under "Services," but under some sort of core technology / infrastructure tech lead, more like the profile of Johny Srouji.
Same here. Have not been able to get back in since last night. Contacted Apple and they cannot get me in. I can’t change password because it’s linked to my iCloud account. Also cannot create a new iCloud account
The same thing happened to me today. And this is a humongous pain as you have to redo all your app-specific passwords, it forks up Apple Music and if you have many computer, they all are messed up.
I didn't know about that Significant Locations page in Settings, mine similarly only shows a location I went to once weeks ago.
I additionally have iPhone Analytics off, so I'm curious why that and other switches were not only enabled in System Services but have purple arrowhead badges indicating recent location access.
Fortunately I haven't been locked out (yet), but I did get a spontaneous alert on my iPhone last night informing me that my phone number had been added to iMessage (which it already was).
Till Apple doesn't explain it
A quick summary of what isn't the cause so far, after reading several articles and messages :
No email ending in .me or .Mac because other emails were involved
No Stolen Device Protection, many people didn't even had it ON, but I turned mine OFF because if you are not at home it's a longer nightmare from what someone wrote
No old iCloud password , I reset mine VOLUNTARILY in January.
It's happening everywhere, US, Canada, UK, Sweden and Europe in general
Happened to me too. Glad others are reporting. I only have one Apple ID which is a personal email address. I have never enabled Stolen Device Protection. Even still, very disruptive, thought something bad was happening. I contacted Apple Support at 11 AM PST and they were not aware of any widespread issues. It wants me to reset my password. I am resisting. I am hoping this will be nullified by Sunday night. If it is not, I will give in and change my Apple ID password. Very disappointing, I really wonder if this could be related to the rumored Apple ID account system overhaul for iOS 18.
I’m relieved to know it’s not just me. My iCloud account has been locking almost daily for a few months now. It doesn’t make me change my passwords, but it does have me go through the unlock process each time. I’ve signed out of and back into all devices, done everything I can think of to no avail. I couldn’t find anything about this issue except that it probably meant someone was repeatedly trying to log into my account. Every day. For weeks. From all I’m seeing here, it’s becoming apparent that the issue is really at Apple’s end.
I especially love the part where Apple's got their support staff ignoring the growing press around this, pretending like nothing happened, and actually implying to customers that this was user initiated. I've been trying to help out a buddy who kept getting hit with verification server errors when trying to reset his password on his iPhone, and after giving up and trying from a computer, got stuck with a 24-72 hour lock that's going to hurt him financially due to work files on iCloud being inaccessible.
We tried different ways of explaining this to more than one support person, and it's the same line every time: there's no escalation path, just wait it out, you wanted this, so we will make sure you keep it. I've run technical support teams in the past, and worked in tech for decades. I know better than to blame the support reps themselves (they're clearly just using the lines they've been fed), but I hope the person who decided to put their support personnel and Apple's customers through this does some self-reflecting. Gaslighting customers when there's a known issue is not cute.
Same here. Especially fun getting the popup on my Apple TV while my wife and I were trying to watch something.
I got locked out and I called Apple. They didn't know but walked me through fixing the issue.
It was a bit convoluted but the iPhone/iPad are back to normal. (what ever that is)
This is interesting – hasn't happened to me, but earlier this week I had, all of a sudden, news that an iPhone and an Apple Watch was added to my iMessage – checked and it was my existing devices. Something's gone wrong with Apple but nobody for sure knows what.
DITTO! I reset last night and was hit again this AM. Apple Support was unaware.
Apparently, any lingirng device not updated pinging iCloud with an outdated token in its sleep will trigger the problem AGAIN!.
I have a lot of devices: 8-10 Macs (a couple haven't been powered up for a while,) AppleTVs, eight HomePods, two iPads, two iPhones. Even my Apple Watch was complaining. My curated list of App Specific passwords was wiped and needs to be restored and entered on all devices.
Is it time to diversify? First Tesla, now Apple is becoming non-grata!
Somehow I ended up going for Account recovery. Now I have to wait for 24 hours before continuing to reset my password. It's already been 22 hours passed by. I am waiting 2 more hours for the cooling period to get over.
Same thing here, but this happened while on hotel wifi, so had me in more of a panic than I would've been if at home.
30hrs later and back at home; everything is mostly normal, except Watch - won't accept new password, keeps saying it's wrong, and gives me this effed-up fail screen.
https://pbs.twimg.com/media/GMOnBILWYAAxLn0.jpg
Oh - and my "significant locations": none. Even though I spend ~20hrs/day at home, at least 300days/yr. If that's not "significant"....pleaes, Apple, tell me what is.
My iPhone showed this today. To confirm identity, it asked me to enter my phone number giving just the ending digits. Then it only allowed me to enter a US number (my AppleID is US-based but my phone number happens to be in EU). So if it persisted, I would have been really screwed. Real confidence builder, that.
Luckily, right away I unlocked my iPad with FaceID, and that seems to have pacified the iPhone. I have seen no trace of the account locking since, knock on wood.
Interestingly enough, it happened as I was using the phone to try to initialize (for the first time in a month) a HomePod, bricked since 17.3 and plagued by the much-discussed -5320 setup error. So maybe that login attempt triggered it.
My significant locations shows Home (twice), and some third place which does not seem significant. It also mentions 127 others but I am not worthy enough to view them.
Today (Sunday April 28), I'm locked out again.
I was locked out like everyone else on Friday. Same deal, had to reset my password. Now I'm going through the same thing except that I apparently need to wait 1 hour due to Stolen Device Protection—which did not happen the first time.
While all this is going on users were probably getting "you need to log into iCloud' alerts every 30 seconds. So incredibly annoying when you want to do exactly that.
Not this but related is the lockout that Chels referred to. My very old mother bricked her iPad because she tried to many times to log in. The best we could do was wipe it with her iCloud id and start over. Maybe 1% of the Apple's user base needs this level of draconian, paternalistic "protection."
I am glad I don't have Apple stolen device protection turned on. Seems Apple quality (or lack thereof) is a bigger threat to my phone then some stranger grabbing it!
If Apple is silent and it’s not a hack from someone, I’m thinking that could be an AI experiment gone awry and this is why Apple is keeping the secret
I had this experience - but I was at home so I didn't have the delay. If it had happened to my wife while I was away she'd have been SOL. It's a failure of fundamentals by Apple who owes us and explanation of what happened.
I just checked my Significant Locations, and the only one shown is a restaurant I ate at once **ever** yesterday. WTF?
This happens to me from time to time from months or years ago. Suddenly, a warning shows in Mac indicating that the application "Messages" (formerly iMessage) will not receive messages unless I login with my Apple ID, which is true (I can confirm that). Then that requires several steps to log in my Apple ID, and significant time, which interfere my productivity. And so on until the same issue arises next time. What is going on Apple? Please, do not interfere!!!
System: macOS 13.6.6 (22G630) Ventura on Mac (Intel). Such Mac from mid 2017 does not support macOS 14 Sonoma.
I'm glad I mostly decoupled from Apple Cloud for vital services like e-mail, photos and other important data two years ago.
I haven't been affected by the recent account problems myself. But after reading the comments here and elsewhere, I decided to disable the stolen device protection for now. Apple needs to overhaul this feature and make more transparent how it works. The "Significant Locations" section in settings is too opaque and confusing.
When I woke up yesterday same thing had happened and the phone asked for my Apple ID pw and wouldn't recognize it in the same manner as others here has described. Something happened on my Mac + iPad + tv. I had to reset my pw. I called Apple Support to find out what was going on but they (of course) denied any problems and blamed me as a user, but one support person actually acknowledged that the previous support call had been about the same issues. Now I feel as paranoid as if I had been on Android or Windows in Russia or China (or anything in Israel). Lack of info does not build trust.
So, I will still probably keep ignoring the macOS system notification that harasses me to accept the new iCloud license terms.
Lots of dark patterns with this system notification: e.g. closing the notification presents the iCloud license dialog.
Rather than "Significant Locations," could it be whatever is defined as "Home" or "Work" in the Maps app?
Same thing happened to me in the early hours of the UK morning. Thought I’d been the victim of a failed access attempt, but that didn’t make complete sense because of the need to change my password (rather than a simple 2FA authentication). Now that I realise it was a widespread problem, I’m pretty disappointed with the way Apple has done nothing to address this.
The main issue is the design of Significant Locations settings.
Apple is trying to be smart about it and fails. People should be able to set several such locations manually, and system should suggest few locations as optional, for people to confirm some of them.
My Apple ID locks every day. It is really not a big deal as any of my bona fide devices can unlock it. It is only a pain when adding a device and it is locked.
I suspect that there is some kind of criminal or foreign sponsored hack-hack at work hammering accounts bypassing any crapsha causing this issue.
I finally reset my password for iCloud on my Mac. Then was forced to sign into iMessage again. That worked.
Then updated my iCloud password on my iPhone - that worked. Then iPads.
I updated the password on my Apple TV’s. The first one did ok but right after entering it - my Control4 remote stopped working with it. I have no clue how just updating my iCloud password on an Apple TV would break the network connection between the C4 system and Apple.
I went to the next room - same issue again.
I have my entire C4 system home bridged to HomeKit. This way I have can control the entire house from the Home App too which is faster.
My home app on my phone was showing every single item unavailable. Home hubs were offline. Shit show.
After fussing with turning off the home item in iCloud on my phone and back on again I remember there was a Home app on the Mac.
That one showed everything online! - yet the iPhone and big iPad not.
I then tried my iPad mini - it too was ok and home showed everything.
At this point I realized this was device specific… clearly.
I finally just went for it and turned off iCloud on my iPhone. I hate doing that because of the crazy amount of places it’s connected. It signed me out of Find My and removed credit cards from Apple Pay - oh joy.
Then my phone got stuck on the ‘copying iCloud items’ - no clue what that is doing because I didn’t select to keep anything stored on the phone from iCloud. I let it run for 20min then power cycled phone. Went back to iCloud - still showed me signed in. Clicked sign out which was available to click. Nothing. Clicked it 5 times. A minute later it signed me out.
Someone online said that if screen time is enabled on your device - it can prevent sign outs from iCloud in general - good to know.
I opened the home app now just for fun - completely empty and reset = home is completely tied to iCloud. Good to know as well. Fuckers never tell us anything.
Restarted phone - then signed back into iCloud - tweak things from place to place, etc.
Then held my breath and opened Home app - Voila! - everything visible and online now.
I then opened the home app on my big iPad - it too was now showing things online. Like wtf does toggling iCloud on my phone have to do with my iPad?? - clearly something.
Now to get my Control 4 system remotes talking to Apple TV again.
There is a setting in the C4 app to turn on Apple TV integration. I had tried 10x to do this earlier in the day and it refused to do it saying my C4 controller was already connected.
This time however - it worked and let me add it again. Voila - all of my remotes now work again too.
So despite apple forcing me to reset my password - it should’ve told me to fucking sign out completely once doing that and sign back in. The full sign out and sign in wasn’t needed on my Mac or small iPad though. Lovely how consistent this shit is.
As we know - the phone is the central hub for their entire ecosystem and if it’s funky - the rest is unstable too.
There ya go - only lost about 5 hours total on all of this shit.
I wrote about how this ties in with an ongoing iCloud issue here: https://warnercrocker.com/2024/05/03/time-for-apple-to-come-clean-about-icloud-part-2/
In regards to the fixes and getting things back to "normal" there are some interesting and curious similarities.
“ I think it’s a bad idea to to use an iCloud address as the login for any important accounts.”
When Apple initially announced the ability to host third-party domains on iCloud, I considered it for a moment, but then realized that if, for some reason, I got locked out of my iCloud account, I would probably be locked out of my main email account as well. Eggs, baskets.
This is the second time I had this lockout issue, must change password demand, happened to me a couple of months ago. Same issue both times logged out of everything must change password and re-create all app specific passwords, turns into hour/hours long process both time.
Brian Krebs shared an article (3/29-24) on this topic
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
It gets even worse:
I just switched on my older iPad Pro which was shut down since weeks and sure enough it popped up a message about my Apple ID being locked (apparently it replays old alerts) with no way to cancel out. Immediately shut it down again and will see another time, if it pops up the alert again.
And still no official Word from the Mothership about what happened!
Ugh. It's been a month since that Apple ID mess happened and things are still a little wonky across all my devices. I've logged out and back into iCloud on almost all of them, and yet iMessages aren't showing up everywhere, photos aren't consistently syncing and even some apps like Drafts aren't syncing properly. WTF?
Though I haven't encountered the AppleID lock issue or the incorrect Significant Location problem, I recently helped a client with an iPhone (iOS 17.5) that had some blank System Setting screens and a blank Messages app screen. It had other obvious issues, too.
He already tried rebooting several times before I started to help.
The solution was to make sure the iPhone was backed up to iCloud, then erase it completely and restore it from its iCloud backup.
After watching this client use his iPhone during troubleshooting, I noticed he incessantly force-quit apps when he finished using them.
Though I still occassionaly use iOS's force quit (swiping an app off the top of the screen), I remember an Apple executive recently pleaded with users to stop force-quitting apps on the iPhone (and, I assume, on the iPad) because it could corrupt the system.
Though I disagreed with the exec's blanket statement because force-quitting is (or was?) sometimes necessary to stop a buggy app, I suspect my client's incessant force-quitting corrupted iOS.
After the wipe and restore, I told my client to stop using force-quitting regularly and only if an app continues to misbehave after restarting the iPhone, which he should do more often anyway since no iPhone malware, even zero-click exploits, persists after restarting (doesn't apply to macOS, though, and even iOS malware that fakes a "slide to turn off" doesn't persist after a reboot).
I thought this issue was behind me, but it came back today for no clear reason: Again, account locked and mandatory password change :-(