Apple has released a new security feature called Stolen Device Protection – and you should definitely turn it on, experts say.
Stolen Device Protection “adds a layer of security when your iPhone is away from familiar locations, such as home or work,” Apple said in a message announcing the new feature.
When the protection is enabled, some features and actions will have additional security requirements when your iPhone is in an unfamiliar location.
For example, if you’re not at home or work and try accessing stored passwords or credit cards, you will only be able to do so with biometric authentication, either Face ID or Touch ID. No passcode alternative or fallback will be offered.
Apple said that this would “prevent someone who has stolen your device and knows your passcode from making critical changes to your account or device.”
When Stolen Device Protection is enabled, some critical security actions such as changing your Apple ID password will also require you to wait an hour and then perform a second Face ID or Touch ID authentication.
“In the event that your iPhone is stolen, the security delay is designed to prevent a thief from performing critical operations so that you can mark your device as lost and make sure your Apple account is secure,” Apple said.
The security update is available with iOS 17.3 and must be turned on before your phone is lost or stolen, which means you should probably do it now. To enable Stolen Device Protection, follow these steps:
- Go to Settings, then tap Face ID & Passcode
- Enter your device passcode
- Tap to turn Stolen Device Protection on or off
For the feature to work you must have two-factor authentication enabled for your Apple ID and have “significant locations” such as your work or home address set up on your iPhone’s Location Services. A device passcode is also necessary and Face ID or Touch ID, as well as Find My, must be enabled.
New feature “strong deterrent”
Stolen Device Protection provides a “strong deterrent” against thieves even if they manage to unlock the device, according to Lisa Plaggemier, executive director at National Cybersecurity Alliance, a Washington-based nonprofit.
“Enabling Apple’s Stolen Device Protection is one small but meaningful step we can take to improve mobile security hygiene,” Plaggemier said, adding it was “highly advisable” to turn on this new feature.
“For most device owners, the minimal setup effort will provide a welcome peace of mind along with extra defenses that protect sensitive personal information,” she said.
Michael Covington from Jamf, a cybersecurity company specializing in securing Apple devices, said he would also “strongly recommend” users turn on Stolen Device Protection.
The new feature is based on a “well-established security principle of trust but verify” and is important as “increasing amounts of personal and business data are processed by mobile devices,” he said.
“Without multiple layers of protection, thieves would be able to access a user’s entire digital life, from personal photos to bank accounts and emails, just with a PIN code, which is easily observed when the phone is used in public spaces,” Covington said.
