How to best combat someone somewhere frequently attempting to change my AppleID password (as evidenced by regular "reset password" account recovery request notifications on all devices)?
Firstly, I don't entirely understand the strategy here. If I click "Allow" on any of these Reset Password notifications I would just be changing my password. How exactly would someone with nefarious intent benefit from that? Do they have a device somewhere that is effectively cloning my device's activity so that if I click allow, it would allow them to change the password? "Change your password" is basically the only advice Apple has been able to give me when I have brought this directly to them.
That being said, I need to figure something out. I think I know how it started (but not in any way that I would have enough information to make an accusation) and that was in going to a cell phone service provider's store and asking a question about my ex's phone that I knew she wanted to answer. The salesperson asked a question that was functionally about paying for something up front or having to wait for the company to do it. Once I answered that it could be done up front, and that it was 4 lines total that we would be switching, the salesperson asked for my cell number and email so that they could tell me when the company offered promos that would benefit our specific situation. I usually give my yahoo from high school for things like this but for whatever reason I have my iCloud email address. I have never received any communication from that salesperson despite the introduction of promos that significantly benefitted our situation (which I took advantage of); on the other hand, these Reset Password notifications started soon thereafter. Again, circumstantial but could be relevant. I'm only including this part really in the case that having shared that specific information makes me specifically vulnerable and could be combatted accordingly specifically.
As I said, when I went to the genius bar or called support, the only advice I've been given is to change my password. Which was already something I had done - it is a very complicated password - and not something that actually solves the problem in any way. At least every other week (but sometimes every day for a week), I get the Reset Password on this device notifications on all my devices at the same time. I always click "don't allow" but the concept that someone is (possibly?) only as far as me mistakenly hitting allow from taking control of my AppleID is more than annoying. I get "An account recovery request was made for your Apple ID" emails most of the times in reference to the requests and the locations/phone numbers in them are all over the country and never the same (assuming VPN?)...
I have multiple devices (computers, 3 phones, ipad, watch, etc.) and they all get the notifications. I have recently switched mobile service providers and am waiting to set up the new phones until I have ideally figured this out and can set them up in whatever new way best solves this.
I'm open to changing my appleID which, while not end of the world level, would be extremely annoying... the amount of things tied to that email address. But that's a last resort.
Would creating new appleID's and making my current one part of a "family plan" and not the admin account help in any way? Or would adding new appleID's to this scenario only increase my exposure/hassle? The three phones serve different purposes (personal, consulting work, writing work/research) and I'm open to having them have their own accounts for ease of organizing contacts and call histories but also don't want to pay for apps I use more than once.
Any ideas?
Thank you.
iPhone 15 Pro
