Earlier this week, it was revealed that Apple will roll out special protection against iPhone thieves in the next update to iOS 17. This is a direct, if somewhat belated, response to the spate of iPhone thefts that made headlines in February, which relied on knowing the user's passcode.

You may be scratching your head wondering how this differs from "Find My," Apple's system for tracking lost devices.

Simply put, Stolen Device Protection closes a loophole that thieves have used to circumvent systems like Find My. But to fully understand the difference, one needs to know about the loopholes Apple is trying to close...

Apple's Find My network is a convenient way to track lost or stolen devices. Once registered, you can log in with your Apple ID on any web browser and your iPhone is registered, allowing you to locate your lost iPhone in real time.

This sounds perfect, but passcode theft scams have found a weakness in Apple's security.

And if a thief changes the password to an Apple ID, the associated email address can be changed immediately, locking the original owner out of the account. This means losing access not only to the iPhone, but also to cloud storage and, importantly, to the "Find My iPhone" system. After all, as far as Apple is concerned, if you don't know the password to your account, you can't possibly be the true owner.

The problem is that Apple doesn't just want to prevent people from using passcodes to change their Apple ID password on their iPhones. After all, the main reason anyone would want to change their password is because they forgot it, and being able to prove ownership through the device and its passcode seems like a good compromise. However, if the passcode is stolen, it is obviously incomplete.

The changes in iOS 17.3 are Apple's attempt to correct this circle.

Stolen Device Protection, once opted in, does not block the ability to change the password of an Apple ID, but makes it much harder for opportunistic thieves.

This feature is activated when you are not in a familiar location, such as at home or work, and essentially makes the iPhone a bit more skeptical of attempts to change your password or do anything else a thief might attempt.

So if someone tries to change their Apple ID password when they are not at home or work, the iPhone will first initiate the process by requesting Face ID or Touch ID instead of a passcode. They then have to wait an hour before they can actually change the password, which must be verified with another biometric check. Even if the thief somehow manages to get past the biometrics, he would still have 60 minutes to access "Find My Network" and remotely lock the iPhone.

The same protection applies to other risky activities (such as adding a new Face ID, disabling Find My, activating the recovery key, etc.), but less suspicious but still risky activities (such as accessing the Keychain) require biometric authentication without the wait time

This is currently the case.

This is certainly a better system than what is currently available, and we strongly encourage readers to opt for it when it becomes available in iOS 17.3.