I don’t get the premise of this new feature. Let’s assume most iPhones currently work with Face ID or Touch ID. So the user doesn’t enter a passcode to unlock their iPhone. How would the thief see their passcode??
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone
- Thread starter MacRumors
- Start date
- Sort by reaction score
the issue is until now, you didnt need that to change your password - all you needed was a 4 digit pin, and open the settings app, iCloud / change my password. there was no 2nd verification. It was assumed your phone was secure. hence a 4/6 digit passcode glanced by at a bar was able to render not only your iCloud info vulnerable, but also every app (including banking) on your phone, as most 2 step auth sent texts to...the phone in the thief's hand
Someone could offer to help take that group photo, then initiate and cancel a shutdown before handing back the phone, forcing the owner to enter their passcode.
One could (for quite a while now) setup a screen time restriction and a secondary passcode to lock out passcode or account changes.
I have had this on devices for quite some time now.
Me too, but there were some circumstances where a clever thief could have gotten around that (to do with disabling the screen time passcode IIRC). The new beta feature to protect stolen devices is hugely reassuring.
Excellent! Just keep making it tighter.
The first iOS 17.3 beta rolling out to developers today includes a new "Stolen Device Protection" feature that is designed to add an additional layer of security in the event someone has stolen your iPhone and also obtained the device's passcode.
Earlier this year, The Wall Street Journal's Joanna Stern and Nicole Nguyen reported about instances of thieves spying on a victim's iPhone passcode before stealing the device, often in public places like bars. The thief can then reset the victim's Apple ID password, turn off Find My, view passwords stored in iCloud Keychain for banking and email accounts, and more. All in all, the report said thieves can essentially "steal your entire digital life."
When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more. No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication.
For especially sensitive actions, including changing the password of the Apple ID account associated with the iPhone, the feature adds a security delay on top of biometric authentication. In these cases, the user must authenticate with Face ID or Touch ID, wait one hour, and authenticate with Face ID or Touch ID again. However, Apple said there will be no delay when the iPhone is in familiar locations, such as at home or work.
The opt-in feature can be found in the Settings app under Face ID & Passcode → Stolen Device Protection. iPhone users who update to the iOS 17.3 beta will be prompted with the option to test a preview of the feature following installation, but Apple said this screen will not be shown to users who install the public version of iOS 17.3 coming later.
Actions that will require Face ID or Touch ID authentication when the feature is turned on:
Actions that will require Face ID or Touch ID authentication and have a one-hour security delay when the feature is turned on:
- Viewing/using passwords or passkeys saved in iCloud Keychain
- Applying for a new Apple Card
- Viewing an Apple Card virtual card
- Turning off Lost Mode
- Erasing all content and settings
- Taking certain Apple Cash and Savings actions in Wallet
- Using payment methods saved in Safari
- Using your iPhone to set up a new device
Apple said it plans to share additional documentation about Stolen Device Protection over time to clarify how the feature works. The option will be available on all iPhone models that are compatible with iOS 17, including the iPhone XS and newer. iOS 17.3 will likely be released to the public in January or February.
- Changing your Apple ID password
- Updating select Apple ID account security settings, including adding or removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
- Changing your iPhone passcode
- Adding or removing Face ID or Touch ID
- Turning off Find My
- Turning off Stolen Device Protection
Article Link: iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone
yes, and this has been my biggest gripe with face id, which i otherwise enjoy, that hasn’t been solved since the iphone x. i pick up the phone, for example from the car cup holder, walk to my destination with the phone in my hand, and when i actually want to use it, it’s locked because of those alleged failed attempts, forcing me to enter my passcode in a public place.
placing a finger on the touch id sensor is a much more deliberate action, so i never was accidentally locked out because of an unintentional unlock attempt, the way moving the phone around does to face id (i assume this is also why apple pay and purchases require double clicking the side button in addition to face id).
i really wish they found a way to detect i’m just moving around as opposed to trying to unlock the phone and failing, just to avoid having to enter the passcode in public.
Because people are having their iPhone stolen and being forced to reveal the passcode at knifepoint. There are various reports of this online.
I feel bad for those assailants when they meet someone with a superior skill set. Have these people never heard of the concept of superior skill set?
My understanding is that a thief at your (actual or ficticious) home would be prevented from gaining access to your iPhone's sensitive settings with the Stollen Device Protection feature enabled. In this situation, biometric authentication will remain a requirement - even when the phone is at a trusted location and the thief knows the iPhone's passcode.
CAUTION: I was in the process of moving when I applied the update. It went; shall we say sideways.
Face ID & Passcode has disappeared as an item in the Setup menu. I'm unable to access my Apple ID or iCloud. In spite of the fact that Apple says there is a one hour security delay involved if you are at an "unfamiliar location." It's been a day and a half with no change. I have yet to hear back from Apple.
Face ID & Passcode has disappeared as an item in the Setup menu. I'm unable to access my Apple ID or iCloud. In spite of the fact that Apple says there is a one hour security delay involved if you are at an "unfamiliar location." It's been a day and a half with no change. I have yet to hear back from Apple.
I can see this as a risk if you enabled stolen device protection without verifying both your FaceID and residence location via GPS is working correctly. The weak link here is your no longer at your original residence, can you go back there to see if that unlocks it? How about checking with Apple concerning updating your residence location?
It happened on my MacBook after decorating, the Touch ID wouldn't accept my fingerprint for several days..
Yikes that video is wild! Handing someone else a phone, let alone entering the passcode in their presence is inconceivable to me. Shoulder surfing for passcodes to gain access terrifies me too, which is why I avoid entering it in public as much as possible, and is also why I hate the fact that Face ID so often locks up when it confuses moving the phone around with a failed unlock attempt. I really wish Apple fixed that problem that’s been around since the iPhone X.
About the feature, if it’s off by default, I agree the usage will be low simply because most users won’t know better.
Other than that, I feel like the hassle and inconvenience of potentially losing an Apple ID along with anything in the account (photos, media and app purchases, emails), not to mention having to call all the banks to sort out the drained accounts and credit cards far outweigh any inconvenience of enabling this feature.
It’s just a phone, folks.. stop putting your entire life in it. I don’t even carry my phone with me half the time when I leave the house.. nothing in life is that important that it can’t wait until I get back home.
Less of an issue with stolen device protection turned on.