Apple’s Stolen Device Protection Is a Powerful Security Tool

A good password is essential for securing your devices and data. However, it isn’t foolproof. If a thief knows your iPhone passcode, for example, not only could they steal your device and unlock it, they could use that passcode to access and take over your entire Apple account.

That’s because of a quirk in Apple’s rules of resetting iCloud account passwords: If you don’t remember your password, Apple lets you enter the password or passcode of a trusted device, like your iPhone, as authentication. From there, the company lets you change your password for the account. All a thief needs to know is your iPhone’s passcode, then, to unlock the phone and reset your iCloud password. With it, they can access your iCloud data, and lock you out of the account, blocking you from using any connected Apple device.

That’s why the company latest feature, Stolen Device Protection, is so essential to enable as soon as possible.

How Stolen Device Protection works

Apple rolled out its latest security feature with iOS 17.3, the company’s latest update for iPhones. Once updated, the feature makes it much harder for thieves and unauthorized users to make critical security changes or access sensitive features. That’s because iOS will require a Face ID or Touch ID scan to access the following features:

• Use passwords or passkeys saved in Keychain
• Use payment methods saved in Safari (autofill)
• Turn off Lost Mode
• Erase all content and settings 
• Apply for a new Apple Card 
• View Apple Card virtual card number
• Take certain Apple Cash and Savings actions in Wallet (for example, Apple Cash or Savings transfers)
• Use your iPhone to set up a new device (for example, Quick Start)

If a thief steals your iPhone and unlocks it with your passcode, they won’t be able to do any of the above without a face or fingerprint scan. That means they can’t access your passwords, pay for things with saved payments in Safari, or erase your iPhone.

However, the protections deepen from there. Apple also implemented a Security Delay feature to Stolen Device Protection, which forces you to wait an hour before accessing the following features and settings when away from a known location, such as your home:

• Change your Apple ID password
• Sign out of your Apple ID
• Update Apple ID account security settings (such as adding or removing a trusted device, Recovery Key, or Recovery Contact)
• Add or remove Face ID or Touch ID
• Change your iPhone passcode
• Reset All Settings
• Turn off Find My 
• Turn off Stolen Device Protection

After an hour, you’ll still be required to use Face ID or Touch ID to authenticate. This delay is intended for times when you’ve already authenticated yourself, but a thief steals your phone. That way, they won’t be able to change your iPhone passcode, sign out of your Apple ID, or even turn off Stolen Device Protection. If they wait the hour, they’ll be further blocked by a Face ID or Touch ID scan.

With Stolen Device Protection, your passcode will never be enough to access any of the above settings and features. It protects your iPhone, your Apple account, and your iCloud data from thieves, which could save both your personal information, as well as any business information connected to your devices.

How to turn on Stolen Device Protection

First, make sure your iPhone is updated to at least iOS 17.3. You can check from Settings -> General -> Software Update. Then, go back to Settings, tap Face ID & Passcode, enter your iPhone’s passcode, then tap to turn Stolen Device Protection on or off.