How to use Stolen Device Protection
Stolen Device Protection is a feature Apple hopes will prevent the total loss of an Apple ID if an iPhone and passcode are stolen. Here's how to get it set up.

How to use Stolen Device Protection
Previously, a thief could learn a person's passcode through social engineering or spying, steal the person's iPhone, and quickly lock the person out of their Apple ID. After reports of such problems got out, Apple worked on a feature to help mitigate the risk of total loss after an iPhone was stolen.
As of iOS 17.3, Apple has provided users with a way to mitigate the threat of total loss of an Apple ID. A thief can no longer access critical information or change passwords without biometric authentication by enabling Stolen Device Protection.
How to enable Stolen Device Protection
There are some caveats to Stolen Device Protection, but we'll get into that in a moment. For now, here's how to enable the feature.
- Open the Settings app and tap on "Face ID & Passcode"
- The toggle for Stolen Device Protection is about midway down the page
- Toggle the feature on and read through Apple's prompts about the feature
That's it -- Stolen Device Protection is on. However, what that toggle changed across iOS is much more complicated.
From our use of the feature, users shouldn't notice any difference in how their iPhone operates day to day. This is especially true when in significant locations like work or home where the feature isn't active.
What Stolen Device Protection does
Stolen Device Protection removes passcode fallback when accessing critical portions of Apple ID or device settings. It also implements a security delay when a user attempts to alter especially sensitive information like an Apple ID password.
Normally, certain actions will prompt the user for Face ID or Touch ID. If those biometrics fail to authenticate, the user is then prompted for a passcode.
When Stolen Device Protection is enabled, the following requires biometric authentication with no passcode fallback:
- Using passwords or passkeys saved in Apple Passwords
- Applying for a new Apple Card
- Viewing the Apple Card virtual card
- Turning off Lost Mode
- Erasing all content and settings
- Take certain Apple Cash and Savings actions in Wallet
- Using payment methods saved in Safari
- Using your iPhone to set up a new device
That means a thief with your iPhone and passcode could not access these settings. Any one of these settings could lead to significant financial loss or compromise of the user's Apple ID.
Features not mentioned in the above list will still have a passcode fallback option, like authenticating Apple Pay. However, FDIC insurance will cover fraudulent charges if a thief uses Apple Pay.

Stolen Device Protection one-hour delay
Apple adds another layer of protection for especially sensitive settings and controls -- a one-hour delay. If the user is outside of a trusted location and attempts to alter the following settings, a biometric scan followed by an hour delay and another biometric scan occurs.
- Changing your Apple ID password
- Updating Apple ID account security settings, like removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
- Changing your iPhone passcode
- Adding or removing Face ID or Touch ID
- Turning off Find My
- Turning off Stolen Device Protection
Trusted locations are learned by the iPhone and are not user-addressable. Significant locations like home and work are used as exemptions for Stolen Device Protection.
The one-hour delay ensures that even if a thief can trick the user into the initial biometric scan, it would be incredibly unlikely the user would still be available for a second scan an hour later. Alternatively, if a thief learned the user's home address and attempted to drive there to make changes without a delay, the user would have enough time to activate Lost Mode.
Stolen Device Protection won't prevent your iPhone from being stolen, but it might keep your Apple ID, passwords, and finances safe from thieves. AppleInsider highly recommends activating the feature.
Read on AppleInsider
Comments
No it cannot. There is a separate passcode to reset screen time which makes it more secure. That is the whole purpose - one passcode to enter into your phone, another separate passcode to reset important settings such as the phone passcode, turn off find my iphone, ....
Surely that’s exactly when you want to know where it is to track who has stolen it?
I have yet to see a clear explanation by someone who really understands both of these security measures, how they actually function and how they compare.
I understand both of these features completely and can break down any aspect if you're still confused. Do not rely on Screen Time to protect your Apple ID, it will fail.
I understand both of these features completely and can break down any aspect if you're still confused. Do not rely on Screen Time to protect your Apple ID, it will fail. Thank-you. This makes it clear. I think it would be very helpful if a comprehensive explanation were published separately detailing exactly how each security measure works, how they compare, and why the new one is preferable. Such an explanation does not seem to be available anywhere online, even on the Apple website, and would help at least a few people to make an informed decision about the issue.
If you use your iPhone to change your Apple ID password, the location of your devices may not be visible at iCloud.com for a period of time.
Is this related? Perhaps Apple don't want a stalker to follow you home and unlock at a significant location?
If a frequently visited location, like for example a post-secondary classroom is recognized as a significant location, then the phone is as defenceless as it would be without the protection. Do I implicitly trust everyone in my Social Studies classroom? Is everyone there even a registered student?
I don't speak for myself, but for my nephew who is in a post-secondary studies programme.
Or is it possible, for example for the metro station I use almost every day to become a significant location? I certainly don't automatically trust anyone there.
Perhaps there is a way to "turn off" some frequently visited locations, but I don't see it. The intent of Stolen Device Protection is good, but I don't think it has been appropriately thought out but has kind of been rushed to market in order for Apple to look good, but not necessarily to give truly reliable protection.
The more I look at this feature, the worse it seems to get!