Apple’s latest iOS update, iOS 17.3 beta, introduces an important new security feature called Stolen Device Protection. This feature adds an extra layer of protection in case someone steals your iPhone and also obtains your passcode.
Why Was Stolen Device Protection Introduced?
Earlier in 2023, an investigation by The Wall Street Journal uncovered a disturbing new iPhone theft tactic. Thieves would spy on victims entering their iPhone passcodes in public places like bars. After stealing the iPhones, the thieves could then reset the owner’s Apple ID password, turn off Find My iPhone, access passwords stored in iCloud Keychain, and more – essentially stealing the victim’s “entire digital life.”
To combat this threat, Apple developed Stolen Device Protection in iOS 17.3.
How Does Stolen Device Protection Work?
Stolen Device Protection is an opt-in security feature located in Settings => Face ID & Passcode. When enabled, it adds biometric authentication requirements (Face ID or Touch ID) for sensitive actions, even if the thief has your passcode.
There are two tiers of protection:
1. Basic Protection
Actions like viewing passwords, applying for an Apple Card, erasing your iPhone, and using Safari payment methods will require biometric unlock. Your passcode is no longer sufficient.
2. Enhanced Protection
For especially sensitive actions like changing your Apple ID password, Stolen Device Protection imposes an additional one-hour security delay. You must authenticate with Face/Touch ID, wait one hour, then re-authenticate.
However, there is no delay when your iPhone is in familiar locations like home or work. Your iPhone determines “familiarity” automatically based on past unlock history.
When Does Stolen Device Protection Apply?
Stolen Device Protection only applies when your iPhone is in an unfamiliar location, signifying possible theft. If unlocked at a familiar location like home or work, only your passcode is needed for full access.
What Actions Does Stolen Device Protection Protect?
According to Apple’s iOS 17.3 beta release notes, Stolen Device Protection applies to the following actions:
- Viewing passwords stored in iCloud Keychain
- Applying for a new Apple Card
- Viewing and using Apple Card information
- Turning off Lost Mode
- Erasing all content and settings
- Removing device management (MDM) profiles
- Using payment methods saved in Safari
- Setting up new devices using device-to-device migrations
Apple says more actions will be protected in the future.
Does Stolen Device Protection Prevent All Unauthorized Access?
No. Stolen Device Protection does not prevent thieves from unlocking your iPhone if they have your passcode. They can still access any apps lacking secondary authentication. Email accounts without two-factor authentication also remain vulnerable.
So while far from foolproof, Stolen Device Protection meaningfully improves iPhone security from passcode theft. It prevents thieves from fully compromising your Apple ID, iCloud Keychain, and iPhone access.
When Will “Stolen Device Protection” Officially Launch?
Stolen Device Protection debuted in the iOS 17.3 beta released to developers on December 12th, 2023.
The feature will likely launch publicly with the iOS 17.3 stable release in early 2024. Any iPhone model running iOS 17 will support it.
How to Enable Stolen Device Protection
Enabling this new protection is simple. Just head to Settings => Face ID & Passcode => Turn on Stolen Device Protection. iOS 17.3 beta testers are prompted to enable the feature after installing the beta.
Stolen Device Protection offers important new protection against iPhone passcode theft. By requiring biometric authentication for sensitive actions, it prevents thieves from fully compromising your Apple ID, iCloud Keychain, and iPhone access. While not infallible, it meaningfully improves security. Anyone with an iPhone should enable this feature when it officially launches in early 2024.