Account keeps getting locked for security reasons and requires me to change my password constantly last couple weeks

I have had this problem too, getting locked out at least once a day, but some times up to 3 times in the same day. I had an online chat with Apple support about it, and I learned a few things during that chat and after trying some things:

• You can enable 2FA, then disable it within 2 weeks to test things
• After enabling 2FA, you get an email from Apple with a "magic link" clicking on it (within 2 weeks) is the way to disable 2FA
• Once I enabled 2FA (mid January 2021), the problem went away completely
• After 13 days, just before my 2 weeks was up, I disabled 2FA (disabling 2FA -requires- you to change your password)
• After disabling 2FA, the problem started up again, up to 3 times a day

So I tried putting my iPhone (X) in airplane mode. I then logged out of iCloud/Apple on my MacBook Pro (2012) and closed the lid to sleep the machine. Finally, I logged out of iCloud/Apple on my iMac (2019) and my Mac Pro (5,1). This left my iPad (4) as the only device logged in. And STILL the problem happened. As an example, the moment I took my phone out of airplane mode, the "account locked" message came up.

Although I acknowledge the nuisance that 2FA was in the early days, during my 13 days with 2FA enabled (1 day short of the 2-week point-of-no-return) I did not encounter -any- nuisance authentication requests. In other words, I was never once challenged to have to enter an authorization code sent to my iPhone in order to "do" anything on any other device. When you enable 2FA, you do have to log into each device now that 2FA is enabled, and when doing so you get some type of notification that the device you're logging into is now a known trusted device. Now that it's a trusted device, you won't get challenged by 2FA for any authorization code for anything you do on THAT device. And so, since all of my devices were trusted, I never once saw a 2FA challenge during the 13-day period. I'm pretty sure that if I got some new device during that time and tried to set up iCloud on it, I'd be challenged by 2FA one time for that new device, but then it would be trusted. 

My point is: like many of you here, I've resisted 2FA for a very long time, and even disabled it 13 days after enabling it. But, I have to say that life with 2FA didn't actually have any of the nuisances that were reported by people in the long ago past, and if I cannot get to the bottom of this with 2FA disabled, I will probably end up re-enabling 2FA and letting that become permanent by allowing it to stay enabled past the 14 days. Because it DID solve the "account locked" problem for me.

This problem bothered me for months – constant logging out with several devices, and about every two or three days I would have to unlock the account.

At one point, I had to update the account's payment method because its credit card had long expired, and I wanted to buy something on iTunes. When I made the purchase I had to do a typical verification of the new payment details. After this, the logging out and locking stopped. I did not need to change any account settings, and I never tried any of the recommended fixes.

In hindsight, the problems started when my card was approaching expiration, and continued afterward, but I so rarely buy anything from Apple that I didn't bother updating the credit card until I needed to, almost two months after expiration, and because I don't normally think about having to pay Apple for things, it didn't occur to me to connect the account problems with the expired card.

I'm pretty sure it has something to do with bots using leaked User lists. Such lists are purchased in Darknet and contain Email Addresses and Passwords that were stolen from other pages. With this data bots try out various logins, Facebook, Instagram, Apple, Microsoft etc.

So as a first rule, never use your Apple Password on a different site. Unfortunately this doesn't save you from this annoying behaviour at Apple. If an attacker fails to login too many times, Apple locks our accounts and removes all sessions to our devices.

Passwords are most probably not saved on devices and different Apps (even from Apple) cannot share sessions. This causes the problem that requires several logins on the same device. Something Apple should surely fix.

I don't think two-factor auth will save you from these problems.

Probably the only effective way to save this hassle is to change your Apple Id e-mail address. I really don't want to do this myself, but the constant logouts are getting annoying. My advice for anybody who gives up and changes the email... make a special email address for your Apple Id, one that you never ever use anywhere else than for your Apple Ids. This way attackers cannot find that email on other hacked sites.

Yeah. I was getting locked out every few days. I went through all my iCloud-connected devices a month ago and shut down all of them but my MacBook Pro, my iPhone, and my Apple Watch. As I've brought the other Macs and iPads back up, I've made sure to log each one out and back in as I've started it up. My account hasn't locked itself since. I'm not saying this is the solution. It's only anecdotal. But it suggests one or more of the devices may have been making a bad request.

FWIW, there may be something to the idea that a device might be causing this. I shut down my 2 non-essential Apple iPads a few weeks back. Also shut down an old iPhone I was using just as a controller for something. And logged out and back in -- ensuring the right password was set -- on my two MacBook Pros and my Mac Mini. I haven't had a locked id issue since. I can't say for sure that's what fixed it. Correlation without causation is always problematic. But it might be worth really taking a look at your devices. That said, having posted this, I'll probably get told my account is locked later this afternoon. Lol. Because Apple...

I think its an Apple glitch as well. Read where issues with many signing into new devices from Christmas presents. No idea if their fix for that is messing up those like us, being locked out repeatably for security reasons. Just know I had no issue before. Even stranger was my card on file had to be verified but it had been verified eons ago as valid. So glad to finally read where others are having the same issue and suspect its on Apple’s end.

It definitely is a bug. I has not happened to me for weeks. And I'm pretty sure it stopped happening once I didn't try to unlock or enter my password on all my devices. For about a week, I ignored all prompts to enter it or unlock. Then, I only entered it on my main devices (iPhone 12 Pro max & iPad Pro 2018), and continued to not do it on my other devices. That seems to have fixed it for me.

I agree, you must be onto somthing, I removed 2 old windows devices from icloud.com and at the moment I havent had any locking issues (so far, and its been just over 2 weeks)

Same here in this household, 4 iphones, 4 macs, ipad, 4 watches all randomly ask to log back into icloud, imessage, podcast, app store. Something is wrong Apple !!! It started about 1 1/2 months ago for us.

I have this too. It's a bug. At first I thought it was someone who knows me and was trying to lock my account on purpose repeatedly. Now I think it's either an iOS 14 bug, or Apple being victim of Russian/Chinese hackers and they don't want to let us know and come clean about what's going on.

My iCloud account keeps being locked every other day for over two months now. The service is just not fit for purpose anymore. Coming from the wealthiest company in the world, it's pretty appalling.

Each time, I have to log back in on iPhone, iPad, Mac and Apple TV. And for each device I have to log back in to the App Store, iMessage and FaceTime. That's like entering the password 12 times, plus 2-3 times more for unlocking the iCloud account via email. 15 times!!!

Apple should be ashamed of such a poor security process. It shows it's so poorly built that they don't know what they're doing. A normal users shouldn't have to unlock their account nearly 50 times in 2 months without being told what's going on. Multiply that by 15 times having to enter the password and that's over 500 times of re-entering the password for this broken iCloud service!!! Complete madness.

I've spoken to Apple Support extensively and they were useless. Nothing they suggested fixed this issue. I bet they don't have a clue what's going on because the issue is much more serious, and copy pasting useless Apple support articles does not help in this case.

I'm dealing with the exact same issues myself. For the past 2 months my AppleID has been getting locked on the regular. Most recently it's happening everyday which is very frustrating. I have now spoken to five Apple service agents on calls as long as two hours, still none the wiser as to what is going on. I've jumped through all the testing hoops; re-set my password more times than I care to remember; reinstalled operating systems on all my hardware and signed everything out of iCloud and left it for a couple of days, only to find my AppleID has been locked upon resigning in. You name it, I've done it, yet the problem persists. I find it very odd that none of my hardware is being used (sleep) when the AppleID is locked, but the vibe I get from customer services is that it's all my end: My hardware is too old, you need 2FA yada yada. So, in order to put pay to the old hardware being the issue, I borrowed a MPB running Big Sur and made sure that was the only machine signed into my account. Yup, Apple ID still got locked. Now the service department wants me to set up 2 factor for my original account and open up another account to use/test in the meantime. The irony being that I have to wait two weeks to set up 2 factor on my original account because of a grace period Apple has implemented when you make major changes - like resetting your password every 24 to 48 hours! Somehow I have a hunch 2FA won't fix the issue and I'm hesitant to set it up. The frustrating point for me is that the only service I sign into is Messages - to keep in touch with elderly family members abroad - everything else remains logged out. I've asked customer services a dozen times can they check logs and see if my account is being locked as a result of failed attempt to access my ID? I've been told this is not the case, but they can't tell me why my account keeps getting locked. I don't understand how something that has been working rock solid for me, with not a single issue since 2008, has suddenly become so problematic. The great news is that I opened up the Big Sur MBP that I'm typing this on tonight and received a pop up box to enter a password to my original, problematic apple ID; an account it's not logged into....so it's getting weirder.

Also just noticed all the gibberish after my user name! What's with all the ampampamp rubbish? Something fishy is going on with Apple!

I don't want to jinx it, but the method I described in my last comment seems to still be working. When I get a pop-up on one of my ipads to log into iTunes, I just close it. Then I log in to Manage my Apple ID in a website browser. Once I do that, then I can check my iTunes login on the iPad, and it is fine - no login needed. I haven't been locked out and had to unlock and reconnect devices since doing this. And I also haven't had a login popup on one of my laptops or phone for several days now.