Use iOS 17.3’s Stolen Device Protection to Reduce Harm from iPhone Passcode Thefts

ByEmily Dolloff

Last year, a series of articles by Wall Street Journal reporters Joanna Stern and Nicole Nguyen highlighted a troubling form of crime targeting iPhone users. A thief would discover the victim’s iPhone passcode, swipe the iPhone, and run. With just the passcode, the thief could quickly change the victim’s Apple ID password, lock them out of their iCloud account, and use apps and data on the iPhone to steal money, buy things, and wreak digital havoc.

In essence, Apple allowed the passcode, which could be determined by shoulder surfing, surreptitious filming, or social engineering, to be too powerful, and criminals took advantage of the vulnerability. It’s best to use Face ID or Touch ID, especially in public, but some people continue to rely solely on the passcode.

Apple has now addressed the problem for iPhone users with the new Stolen Device Protection feature in iOS 17.3. It protects critical security and financial actions by requiring biometric authentication—Face ID or Touch ID—when you’re not in a familiar location like home or work. The most critical actions also trigger an hour-long security delay before a second biometric authentication. We recommend everyone who uses Face ID and Touch ID turn on Stolen Device Protection. The feature is not available for the iPad or Mac, but neither is as likely to be used in places like the crowded bars where many iPhones have been snatched.

How Stolen Device Protection Works

The location aspect of Stolen Device Protection is key. When you’re in a “significant location,” a place your iPhone has determined you frequent, you can do everything related to security and financial details just as you have been able to in the past, including using the passcode as an alternative or fallback.

However, when you’re in an unfamiliar location, as you would likely be if you were out in public where someone might steal your iPhone, Stolen Device Protection requires biometric authentication to:

  • Use passwords or passkeys saved in Keychain
  • Use payment methods saved in Safari (autofill)
  • Turn off Lost Mode
  • Erase all content and settings
  • Apply for a new Apple Card
  • View an Apple Card virtual card number
  • Take certain Apple Cash and Savings actions in Wallet (for example, Apple Cash or Savings transfers)
  • Use your iPhone to set up a new device (for example, Quick Start)

Some actions have even more serious consequences, so for them, Stolen Device Protection requires biometric authentication, an hour security delay—shown with a countdown timer—and then a second biometric authentication. The delay reduces the chances of an attacker forcing you to authenticate with the threat of violence. You’ll need to go through the double authentication plus delay when you want to:

  • Change your Apple ID password (Apple notes this may prevent the location of your devices from appearing on iCloud.com for a while)
  • Sign out of your Apple ID
  • Update Apple ID account security settings (such as adding or removing a trusted device, Recovery Key, or Recovery Contact)
  • Add or remove Face ID or Touch ID
  • Change your iPhone passcode
  • Reset All Settings
  • Turn off Find My
  • Turn off Stolen Device Protection

There are a few caveats to keep in mind:

  • The iPhone passcode still works for purchases made with Apple Pay, so a thief could steal your passcode and iPhone and buy things.
  • Although Apple says it’s required, you can turn off Significant Locations to require the extra biometric authentication and security delay everywhere. That would eliminate the worry about a thief using Significant Locations to go to your most recent familiar spot in an attempt to sidestep the extra authentication.
  • If you plan to sell, give away, or trade in your iPhone, make sure to turn off Stolen Device Protection first. Once it’s out of your physical control, no one else will be able to reset it.

Turn On Stolen Device Protection

Before you get started, note that Apple says you must be using two-factor authentication for your Apple ID (everyone should be anyway), have a passcode set up for your iPhone (ditto), turn on Face ID or Touch ID, enable Find My, and turn on Significant Locations (Settings > Privacy & Security > Location Services > System Services > Significant Locations), although this last one doesn’t actually seem to be required.

Then, go to Settings > Face ID/Touch ID & Passcode, enter your passcode, and tap Turn On Protection. (If it’s enabled, tap Turn Off Protection to remove its additional safeguards.)

Once Stolen Device Protection is on and you’re in an unfamiliar location, the actions listed above will require either biometric authentication or two biometric authentications separated by the hour-long security delay.

There is one group of people who should not turn on Stolen Device Protection: those for whom Face ID or Touch ID don’t work. Most people have no trouble with Apple’s biometric technologies, but some people have worn off their fingerprints or have other physical features that confuse Touch ID or, less commonly, Face ID.

If that’s you, stick with our general recommendation for discouraging possible iPhone thefts: Never enter your iPhone passcode in public where it could be observed.

(Featured image by iStock.com/AntonioGuillem)

Social Media: In iOS 17.3, Apple has introduced Stolen Device Protection to discourage iPhone thefts enabled by a revealed passcode. It requires additional biometric authentication, and we recommend that everyone who uses Face ID or Touch ID enable it.

Similar Posts

  • Where’s my AirTag?!

    Java is an active dog and quite the leaper.  We put an AirTag on his collar just so we could track him and…

  • The Little Guy(s)

    You know I am a rabid Boston Celtics fan, and I have been since I was a child listening to games on my transistor radio, searching for the gravely voice of Johnny Most. These days our All-Star and team leader is Isiah Thomas who NBA hall of famer, Tommy Heinsohn, always refers to as the “little guy”. We have been thinking of changing our dog, Max’s name to the little guy as a result.

    It was little iPhone and little iPad Pro day at the Apple event. Apple introduced the 4-inch iPhone SE and the iPad Pro 9.7-inch tablet. In other hardware announcements, there were new watch bands for the Apple Watch and a new Lightning to USB 3 camera adapter. The original iPad Air is now discontinued and the iPad Air 2 with a more limited selection becomes the entry-level 9.7-inch iPad.

    I have gotten used to the size of my iPhone 6 but there are many people that want a smaller iPhone. Having a big iPhone 6 or 6+ sticking out of your back pocket is an invitation to theft and they do get a big bulky in the front pocket of your jeans. The iPhone SE uses the iPhone 5 form factor, with a 4-inch screen and aluminum case. The iPhone SE is not crimping on power though, as it meets almost all of the specifications of the iPhone 6s. It fails to match up to the current iPhone lineup only in the lack of the 3D Touch technology, the Taptic Engine that provides feedback you can feel, and slower wireless networking. It’s either $399 or $499, with 16 GB or 64 GB of storage, and comes in the same four colors, Silver, Space Gray, Gold and Rose Gold. We have found that most cases for the iPhone 5 should work with the iPhone SE. These are shipping on March 31.

    p{text-align: center;}. !http://blog.smalldog.com/images/4692.png!

    The 12.9-inch iPad Pro, introduced last year with the Apple Pencil and Smart Keyboard, has enjoyed some moderate acceptance as a productivity device. I can see how for some, it might be their only device. And for artists, architects and others the iPad Pro is a digital drawing board like no other. But it is 12.9 inches and that is just a bit large for some. Apple introduced the 9.7-inch iPad Pro to meet this need, which meets or exceeds many of the larger model’s specs.

    For instance, the smaller model’s screen can display more colors and adjusts its white balance to match the ambient light in the room. Its cameras are notably better — the rear camera is 12 megapixels instead of 8 and has a True Tone flash, while the front camera is 5 megapixels instead of 1.2 and can use the screen as a flash. Plus, the new iPad Pro can record 4K video instead of just 1080p. I assume we will see these upgrades to the 12.9 inch iPad Pro in the future but the smaller version is a powerhouse.

    The 9.7-inch iPad Pro’s A9X chip is somewhat slower, it has half the RAM, and its Lightning port transfers data at only USB 2 speeds. But if the size is right for you, prices start at $599 for 32 GB of storage and go up to $899 for 256 GB. It will be shipping on March 31 in four colors: silver, gold, space gray, and rose gold. Cases and accessories designed to fit the iPad Air 2 should work with the 9.7-inch iPad Pro. We have our orders in with Apple and should have stock by the launch date. I think this new iPad Pro is going to be the iPad of choice for a lot of people.

    p{text-align: center;}. !http://blog.smalldog.com/images/4689.png!

    Apple also introduced the $39 Lightning to USB3 camera adapter. It is much more than a camera adapter though and opens the Lightning port to a lot of USB devices. With the Lightning to USB 3 Camera Adapter, it’s easy to transfer photos and videos from your high-resolution digital camera to your iPad Pro.
    If you connect with a USB Power Adapter, you can connect USB peripherals like hubs, ethernet adapters, audio/MIDI interfaces, and card readers for CompactFlash, SD, microSD, and more. This is a new and important step by Apple in making the Lightning port much more versatile.