I just today figured something out, and I'm sharing it here in the hopes it helps the few other people in this situation.
I got my Apple ID more than twenty years ago. I use the email address on lots of sites, so abandoning it is out of the question. And it's a fairly simple address that lots of other people out there think is theirs, so it gets locked several times a week from people trying to log in to it. I have a strong password and 2FA so they never succeed, but Apple locks my account anyway. (A locked account only keeps me out of any of Apple's web sites like appleid.apple.com, icloud.com, iforgot.apple.com, store.apple.com, and so forth.)
When it gets locked, I used to be able to start a login attempt on one of Apple's sites and it would verify a few things then send me to my iPhone, which made me enter my passcode and then simply tap an Unlock button, and then I was good.
But a few months ago the Unlock option was gone. My iPhone would only unlock my account if I changed my Apple ID password. That's the only option it would give me every time.
This ... is prohibitive. It got to the point where every time I wanted to use one of Apple's web sites, I would have to change my Apple ID password to something new that I hadn't used in the past year. And changing my Apple ID password also cleared my iCloud app-specific passwords (like for my Windows email client), so I would have to set those up again every time.
Then I remembered that I had turned on Stolen Device Protection around the same time that this started happening. As a test, I turned SDP off. Immediately the Unlock option reappeared each time I tried to unlock my Apple ID from my iPhone.
So, it looks like Stolen Device Protection will prevent you from simply being able to unlock a locked Apple ID; you'll have to change your password each time instead. And if your Apple ID is an email address you use for lots of sites so that you can't easily stop using it, and if it's a simple address that lots of people keep locking for you, then changing your password several times a week gets to be a real pain.
I don't know why Apple feels it necessary to lock an account that has a strong password and 2FA, and I don't know how forcing an iPhone thief to change the Apple ID password helps a stolen device. I'm just here to share what I learned.
(I reported this via Apple feedback, too.)
I got my Apple ID more than twenty years ago. I use the email address on lots of sites, so abandoning it is out of the question. And it's a fairly simple address that lots of other people out there think is theirs, so it gets locked several times a week from people trying to log in to it. I have a strong password and 2FA so they never succeed, but Apple locks my account anyway. (A locked account only keeps me out of any of Apple's web sites like appleid.apple.com, icloud.com, iforgot.apple.com, store.apple.com, and so forth.)
When it gets locked, I used to be able to start a login attempt on one of Apple's sites and it would verify a few things then send me to my iPhone, which made me enter my passcode and then simply tap an Unlock button, and then I was good.
But a few months ago the Unlock option was gone. My iPhone would only unlock my account if I changed my Apple ID password. That's the only option it would give me every time.
This ... is prohibitive. It got to the point where every time I wanted to use one of Apple's web sites, I would have to change my Apple ID password to something new that I hadn't used in the past year. And changing my Apple ID password also cleared my iCloud app-specific passwords (like for my Windows email client), so I would have to set those up again every time.
Then I remembered that I had turned on Stolen Device Protection around the same time that this started happening. As a test, I turned SDP off. Immediately the Unlock option reappeared each time I tried to unlock my Apple ID from my iPhone.
So, it looks like Stolen Device Protection will prevent you from simply being able to unlock a locked Apple ID; you'll have to change your password each time instead. And if your Apple ID is an email address you use for lots of sites so that you can't easily stop using it, and if it's a simple address that lots of people keep locking for you, then changing your password several times a week gets to be a real pain.
I don't know why Apple feels it necessary to lock an account that has a strong password and 2FA, and I don't know how forcing an iPhone thief to change the Apple ID password helps a stolen device. I'm just here to share what I learned.
(I reported this via Apple feedback, too.)