Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

bkendig

macrumors member
Original poster
Oct 8, 2019
64
118
I just today figured something out, and I'm sharing it here in the hopes it helps the few other people in this situation.

I got my Apple ID more than twenty years ago. I use the email address on lots of sites, so abandoning it is out of the question. And it's a fairly simple address that lots of other people out there think is theirs, so it gets locked several times a week from people trying to log in to it. I have a strong password and 2FA so they never succeed, but Apple locks my account anyway. (A locked account only keeps me out of any of Apple's web sites like appleid.apple.com, icloud.com, iforgot.apple.com, store.apple.com, and so forth.)

When it gets locked, I used to be able to start a login attempt on one of Apple's sites and it would verify a few things then send me to my iPhone, which made me enter my passcode and then simply tap an Unlock button, and then I was good.

But a few months ago the Unlock option was gone. My iPhone would only unlock my account if I changed my Apple ID password. That's the only option it would give me every time.

This ... is prohibitive. It got to the point where every time I wanted to use one of Apple's web sites, I would have to change my Apple ID password to something new that I hadn't used in the past year. And changing my Apple ID password also cleared my iCloud app-specific passwords (like for my Windows email client), so I would have to set those up again every time.

Then I remembered that I had turned on Stolen Device Protection around the same time that this started happening. As a test, I turned SDP off. Immediately the Unlock option reappeared each time I tried to unlock my Apple ID from my iPhone.

So, it looks like Stolen Device Protection will prevent you from simply being able to unlock a locked Apple ID; you'll have to change your password each time instead. And if your Apple ID is an email address you use for lots of sites so that you can't easily stop using it, and if it's a simple address that lots of people keep locking for you, then changing your password several times a week gets to be a real pain.

I don't know why Apple feels it necessary to lock an account that has a strong password and 2FA, and I don't know how forcing an iPhone thief to change the Apple ID password helps a stolen device. I'm just here to share what I learned.

(I reported this via Apple feedback, too.)
 
  • Like
Reactions: winxmac

Morac

macrumors 68020
Dec 30, 2009
2,297
676
Sounds like it’s working as designed. The whole point of stolen device protection is that the iPhone passcode can’t be used to do things that could jeopardize your iCloud account or data. Having a phone thief be able to unlock your iCloud account if they lock it out would seem to fall under that.
 

bkendig

macrumors member
Original poster
Oct 8, 2019
64
118
It's not quite that -

With SDP turned off, to unlock an account, the iPhone will ask for your passcode and then show an "Unlock Account" button.

With SDP turned on, to unlock an account, the iPhone will ask for your passcode and then show two fields to enter your new password twice. (It doesn't ask for your old password.) When you set the new password, the account will be unlocked.

The iPhone can unlock your account in either case; the only difference is that SDP will force a thief to change your Apple ID password to something new.
 
  • Like
Reactions: winxmac
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.