Use iOS 17.3’s Stolen Device Protection to Reduce Harm from iPhone Passcode Thefts

ByEmily Dolloff

Last year, a series of articles by Wall Street Journal reporters Joanna Stern and Nicole Nguyen highlighted a troubling form of crime targeting iPhone users. A thief would discover the victim’s iPhone passcode, swipe the iPhone, and run. With just the passcode, the thief could quickly change the victim’s Apple ID password, lock them out of their iCloud account, and use apps and data on the iPhone to steal money, buy things, and wreak digital havoc.

In essence, Apple allowed the passcode, which could be determined by shoulder surfing, surreptitious filming, or social engineering, to be too powerful, and criminals took advantage of the vulnerability. It’s best to use Face ID or Touch ID, especially in public, but some people continue to rely solely on the passcode.

Apple has now addressed the problem for iPhone users with the new Stolen Device Protection feature in iOS 17.3. It protects critical security and financial actions by requiring biometric authentication—Face ID or Touch ID—when you’re not in a familiar location like home or work. The most critical actions also trigger an hour-long security delay before a second biometric authentication. We recommend everyone who uses Face ID and Touch ID turn on Stolen Device Protection. The feature is not available for the iPad or Mac, but neither is as likely to be used in places like the crowded bars where many iPhones have been snatched.

How Stolen Device Protection Works

The location aspect of Stolen Device Protection is key. When you’re in a “significant location,” a place your iPhone has determined you frequent, you can do everything related to security and financial details just as you have been able to in the past, including using the passcode as an alternative or fallback.

However, when you’re in an unfamiliar location, as you would likely be if you were out in public where someone might steal your iPhone, Stolen Device Protection requires biometric authentication to:

  • Use passwords or passkeys saved in Keychain
  • Use payment methods saved in Safari (autofill)
  • Turn off Lost Mode
  • Erase all content and settings
  • Apply for a new Apple Card
  • View an Apple Card virtual card number
  • Take certain Apple Cash and Savings actions in Wallet (for example, Apple Cash or Savings transfers)
  • Use your iPhone to set up a new device (for example, Quick Start)

Some actions have even more serious consequences, so for them, Stolen Device Protection requires biometric authentication, an hour security delay—shown with a countdown timer—and then a second biometric authentication. The delay reduces the chances of an attacker forcing you to authenticate with the threat of violence. You’ll need to go through the double authentication plus delay when you want to:

  • Change your Apple ID password (Apple notes this may prevent the location of your devices from appearing on iCloud.com for a while)
  • Sign out of your Apple ID
  • Update Apple ID account security settings (such as adding or removing a trusted device, Recovery Key, or Recovery Contact)
  • Add or remove Face ID or Touch ID
  • Change your iPhone passcode
  • Reset All Settings
  • Turn off Find My
  • Turn off Stolen Device Protection

There are a few caveats to keep in mind:

  • The iPhone passcode still works for purchases made with Apple Pay, so a thief could steal your passcode and iPhone and buy things.
  • Although Apple says it’s required, you can turn off Significant Locations to require the extra biometric authentication and security delay everywhere. That would eliminate the worry about a thief using Significant Locations to go to your most recent familiar spot in an attempt to sidestep the extra authentication.
  • If you plan to sell, give away, or trade in your iPhone, make sure to turn off Stolen Device Protection first. Once it’s out of your physical control, no one else will be able to reset it.

Turn On Stolen Device Protection

Before you get started, note that Apple says you must be using two-factor authentication for your Apple ID (everyone should be anyway), have a passcode set up for your iPhone (ditto), turn on Face ID or Touch ID, enable Find My, and turn on Significant Locations (Settings > Privacy & Security > Location Services > System Services > Significant Locations), although this last one doesn’t actually seem to be required.

Then, go to Settings > Face ID/Touch ID & Passcode, enter your passcode, and tap Turn On Protection. (If it’s enabled, tap Turn Off Protection to remove its additional safeguards.)

Once Stolen Device Protection is on and you’re in an unfamiliar location, the actions listed above will require either biometric authentication or two biometric authentications separated by the hour-long security delay.

There is one group of people who should not turn on Stolen Device Protection: those for whom Face ID or Touch ID don’t work. Most people have no trouble with Apple’s biometric technologies, but some people have worn off their fingerprints or have other physical features that confuse Touch ID or, less commonly, Face ID.

If that’s you, stick with our general recommendation for discouraging possible iPhone thefts: Never enter your iPhone passcode in public where it could be observed.

(Featured image by iStock.com/AntonioGuillem)

Social Media: In iOS 17.3, Apple has introduced Stolen Device Protection to discourage iPhone thefts enabled by a revealed passcode. It requires additional biometric authentication, and we recommend that everyone who uses Face ID or Touch ID enable it.

Similar Posts

  • Prep Your Tech for Travel

    Long ago, to get ready for a trip, we’d mostly make sure we had our plane tickets, books and magazines to read, and…

  • _Dear Friends,_

    Definitely some weird weather in Vermont. One day it is below 0 F and the next day it is in the 40’s and raining. It makes for some tricky driving as wet pavement can hide some black ice. Hopefully as we enter March there will be some snow because the ski areas and local merchants are suffering from the weird weather. We can take a lot of snow and freezing temperatures but this freeze/thaw cycle is just annoying.

    Apple has very strong hardware sales but their hidden gem may be the recurring revenue streams that they develop. Of course, we know about the 11 million+ subscribers to Apple Music that pay a monthly fee and the iCloud storage fees but there are other much larger streams that provide Apple with consistent revenue. The iPhone is a big one that has two parts to it – on the one hand, people want to upgrade to the latest iPhone and that upgrade business is huge. There is also Apple’s new financing of iPhones that spreads the cost of the iPhone over several months and allows much easier iPhone upgrades. The carriers are also offering these easy upgrade programs which enhances the recurring revenue stream. It is sort of like printing money.

    This week’s Kibbles & Bytes exclusive features the “**Apple Factory Reconditioned 21.5-inch iMac**”:http://www.smalldog.com/wag900002159 with 2.7GHz i5 processor, 8GB of ram and a big 1TB drive. We are bundling this with the AppleCare Protection Plan which extends Apple’s 1-year warranty to 3-years and extends your 90-days of free technical support from Apple from 90-days to 3-years. To complete this bundle because we always want you to have a backup of your personal data, we are including the Apple Factory Reconditioned 2TB Time Capsule. The Time Capsule is the combination of an Airport Extreme base station and 2TB hard drive. Because you are buying it at the same time as the iMac it is also covered for 3-years by AppleCare! Normally, if you bought this bundle new it would cost $1769, bought normally as Apple Refurbished it would be $1399 but this week for Kibbles & Bytes readers you can get this great deal on an iMac with Time Capsule and AppleCare for only “**$1299.99!**”:http://www.smalldog.com/wag900002159

  • Keyboard Shortcuts

    I got my start in using computers with CPM operating system and keyboard shortcuts were present there. I used them all the time so they come as second nature to me. But as I go out and talk with customers and help them with their Macs, I am surprised by the number of people that do not know that most of the things you can do with your mouse by clicking on a menu item can be done faster with keyboard shortcuts.

    The first thing to learn about shortcuts are the symbols that are used to show these keys.

    Command ⌘
    Shift ⇧
    Option ⌥
    Control ⌃
    Caps Lock ⇪
    Fn

    These work for your Mac Keyboard but if you are using a keyboard made for a Windows machine you need to substitute the Windows logo for the Command key and the Alt key for the option key. When you look at a menu in almost any application you will find the common commands for all these symbols next to them to indicate the keyboard shortcut. Here are some common ones:

    Command-X **Cut** Remove the selected item
    Command-C **Copy** the selected item
    Command-V **Paste** the contents
    Command-Z **Undo** the previous command
    Command-A **Select all** items
    Command-F **Find** open a Find window
    Command-G **Find Again** Find the next occurrence of the item previously found
    Command-H **Hide** the windows of the front app.
    Command-M **Minimize** the front window to the dock
    Command-M **New** Open a new document or window
    Command-P **Print** the current document

    Command-Space bar **Spotlight** show or hide the spotlight search field
    Command-Tab **Switch apps** switch to the next most recently used app
    Command-shift-3 **Screenshot** take a screenshot of the entire screen

    As you can see, there are endless keyboard shortcuts to use, and these are only a small fraction of what you can do with “**keyboard shortcuts.**”:https://support.apple.com/en-us/HT201236 So the next time you find yourself wondering what you can do if your mouse suddenly stops working or if your just looking for a more efficient way to do something, keyboard shortcuts might just be what your looking for!