How to use Stolen Device Protection

How to use Stolen Device Protection

Previously, a thief could learn a person's passcode through social engineering or spying, steal the person's iPhone, and quickly lock the person out of their Apple ID. After reports of such problems got out, Apple worked on a feature to help mitigate the risk of total loss after an iPhone was stolen.

As of iOS 17.3, Apple has provided users with a way to mitigate the threat of total loss of an Apple ID. A thief can no longer access critical information or change passwords without biometric authentication by enabling Stolen Device Protection.

How to enable Stolen Device Protection

There are some caveats to Stolen Device Protection, but we'll get into that in a moment. For now, here's how to enable the feature.

• Open the Settings app and tap on "Face ID & Passcode"
• The toggle for Stolen Device Protection is about midway down the page
• Toggle the feature on and read through Apple's prompts about the feature

That's it — Stolen Device Protection is on. However, what that toggle changed across iOS is much more complicated.

From our use of the feature, users shouldn't notice any difference in how their iPhone operates day to day. This is especially true when in significant locations like work or home where the feature isn't active.

What Stolen Device Protection does

Stolen Device Protection removes passcode fallback when accessing critical portions of Apple ID or device settings. It also implements a security delay when a user attempts to alter especially sensitive information like an Apple ID password.

Normally, certain actions will prompt the user for Face ID or Touch ID. If those biometrics fail to authenticate, the user is then prompted for a passcode.

When Stolen Device Protection is enabled, the following requires biometric authentication with no passcode fallback:

• Using passwords or passkeys saved in Apple Passwords
• Applying for a new Apple Card
• Viewing the Apple Card virtual card
• Turning off Lost Mode
• Erasing all content and settings
• Take certain Apple Cash and Savings actions in Wallet
• Using payment methods saved in Safari
• Using your iPhone to set up a new device

That means a thief with your iPhone and passcode could not access these settings. Any one of these settings could lead to significant financial loss or compromise of the user's Apple ID.

Features not mentioned in the above list will still have a passcode fallback option, like authenticating Apple Pay. However, FDIC insurance will cover fraudulent charges if a thief uses Apple Pay.

Apple adds another layer of protection for especially sensitive settings and controls — a one-hour delay. If the user is outside of a trusted location and attempts to alter the following settings, a biometric scan followed by an hour delay and another biometric scan occurs.

• Changing your Apple ID password
• Updating Apple ID account security settings, like removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
• Changing your iPhone passcode
• Adding or removing Face ID or Touch ID
• Turning off Find My
• Turning off Stolen Device Protection

Trusted locations are learned by the iPhone and are not user-addressable. Significant locations like home and work are used as exemptions for Stolen Device Protection.

The one-hour delay ensures that even if a thief can trick the user into the initial biometric scan, it would be incredibly unlikely the user would still be available for a second scan an hour later. Alternatively, if a thief learned the user's home address and attempted to drive there to make changes without a delay, the user would have enough time to activate Lost Mode.

Stolen Device Protection won't prevent your iPhone from being stolen, but it might keep your Apple ID, passwords, and finances safe from thieves. AppleInsider highly recommends activating the feature.