Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Alan Martin

iOS 17.3 has new stolen iPhone protection — how it’s different from Find My

Finger typing passcode into iPhone screen.

Earlier this week, it was revealed that Apple is rolling out extra protections against iPhone thieves in the next update to iOS 17. It’s a direct, if slightly belated, response to a spate of iPhone thefts that rely on knowing a user’s passcode, which made headlines back in February.

You may be scratching your head and wondering how it’s different from Find My — Apple’s system for tracking down missing devices. 

The short answer is that Stolen Device Protection closes a loophole that thieves were exploiting to get around systems like Find My. But to fully understand the difference, you need to know about the loophole Apple is attempting to close…

How iPhone thieves block Find My

Apple’s Find My network is a useful way of tracking down lost or stolen devices. Once enrolled, you can log in with your Apple ID in any web browser and track down a real-time location for your AWOL iPhone, because it’s registered to you. 

That sounds foolproof, but the passcode theft scam found a weak point in Apple’s security: namely that if you have an iPhone’s passcode — obtained via shoulder surfing, say — you can change the Apple ID password. 

And if a thief changes the Apple ID password, then they can quickly change the associated email address and lock the original owner out of their account. That not only means losing access to your iPhone, but your cloud storage and — crucially — the Find My iPhone system. After all, as far as Apple is concerned, if you don’t know the password to an account then you can’t be the true owner.

The problem is that Apple doesn’t just want to just block people being able to change their Apple ID password on the iPhone with their passcode. After all, the main reason anyone would want to change a password is because they’ve forgotten it, so being able to prove ownership via a device and its passcode feels like a good compromise. But obviously it’s an imperfect one if your passcode has been stolen.

The changes with iOS 17.3 are an attempt for Apple to square this circle. 

How Stolen Device Protection works

(Image credit: Shutterstock)

Stolen Device Protection, once opted in, doesn’t block your ability to change your Apple ID password, but it does make it significantly harder for an opportunistic thief to do so.

It kicks in when you’re not in a familiar location — your home or workplace — and essentially makes the iPhone a bit more skeptical about attempts to change the password or do anything that a thief might attempt.

So if somebody tries to change your Apple ID password when not in your home or office, the iPhone will first require Face ID or Touch ID to begin the process rather than just a passcode. It will then make you wait an hour before you can actually make the password change, and you’ll need to confirm it with another biometric check. Even if a thief can somehow get past the biometrics, you’ll have a 60-minute head start to access the Find My network and remotely lock your iPhone.

Other risky activities — adding a new Face ID, disabling Find My, enabling a recovery key, etc. — have the same protections in place, while less suspect but still risky activities (e.g: accessing Keychain) require biometrics without the wait. 

It’s certainly a better system than what’s available now, so we strongly advise readers opt into it when it becomes available with iOS 17.3. 

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.