Apple is taking a significant step to enhance iPhone security with the introduction of a new iOS feature, Stolen Device Protection. This update comes in response to a series of thefts where criminals have accessed victims’ accounts, personal data, and financial assets, as reported by The Wall Street Journal.

The Wall Street Journal highlighted a worrying trend in cities like New York, Chicago, and others, where thieves observed iPhone users’ passcodes before stealing their devices. These thefts led to severe consequences for victims, including loss of access to their digital lives and financial damages.

Apple’s upcoming software update will include the Stolen Device Protection feature, which users must activate. It’s designed to provide additional security layers, though it doesn’t cover all potential threats. Here’s a breakdown of how it works:

  • Apple ID password change: Without the feature, a thief could change your Apple ID password using the passcode, disabling Find My iPhone and erasing the device. With Stolen Device Protection activated, changing the Apple ID password away from familiar locations like home or work will require Face ID or Touch ID verification, followed by a one-hour delay and a second biometric confirmation.
  • Updating Apple security settings: Currently, a thief could add a recovery key using the passcode, making it impossible to reset your Apple ID using your phone number or email. Stolen Device Protection requires two biometric scans, an hour apart, to enable or change the recovery key or trusted phone number.
  • Accessing passwords in Keychain: Without the feature, iCloud Keychain passwords are vulnerable to passcode access. Stolen Device Protection mandates Face ID or Touch ID for Keychain access, rendering the passcode ineffective for this purpose.

Despite these measures, vulnerabilities remain. Thieves can still unlock your phone and access unprotected apps and accounts. To enhance security, Apple advises:

  • Keep your passcode private and use Face ID or Touch ID whenever possible.
  • Use a complex alphanumeric passcode, settable via Settings > Face ID & Passcode.
  • Add additional PINs or biometrics to sensitive apps like Venmo, Cash App, Coinbase, or Robinhood.
  • Act swiftly to remotely wipe your device via in case of theft. Regular iCloud backups are recommended.

Apple plans to encourage users to activate Stolen Device Protection upon its release, accessible under the Face ID & Passcode settings.