Imagine this scenario: Your iPhone has been stolen, and the thief knows your passcode. They now have access to confidential information and can make unwanted changes on your phone, even if you’ve protected your phone with Face ID or Touch ID.
This type of scam made headlines a few years ago after The Wall Street Journal reported on thieves targeting inebriated bar patrons. After watching someone enter their passcode, the thief would steal the iPhone, log in, change the iCloud password, and loot the banking apps on the phone. Without iCloud access, a victim couldn't remotely brick or reset their phone from afar; many lost thousands of dollars in a matter of minutes.
In response to that reporting, Apple added a new security feature called Stolen Device Protection. Introduced with iOS 17.3, it prevents unauthorized access to key data or changes to your iPhone by requiring authentication only through Face ID or Touch ID. It also introduces a security delay that stops would-be attackers from changing your iCloud credentials.
The only issue? You have to set it up manually. However, the latest iOS beta suggests that Stolen Device Protection will be enabled by default in iOS 26.4, offering more protection if your device is snatched. So what is it, and should you keep it turned on?
What Is Apple's Stolen Device Protection?
Under normal circumstances, your passcode serves as a fallback when Face ID or Touch ID is unavailable. But this means that if someone has the passcode, they can get past the biometric authentication on your device. With Stolen Device Protection enabled, Face ID or Touch ID is required, and a passcode is no longer an option.
The feature kicks in when you attempt any of the following actions:
Use passwords or passkeys saved in Keychain.
Use AutoFill payment methods saved in Safari.
Turn off Lost Mode.
Erase all content and settings.
Apply for a new Apple Card.
View the virtual card number of your Apple Card.
Take certain Apple Cash and Savings actions in Wallet, such as transfers.
Use your iPhone to set up a new device (for example, Quick Start).
Now, if someone obtains your passcode but fails the biometric authentication, they can't perform any of these actions. To ease this process for the actual owner, the protection feature only goes into effect if your iPhone is in an unfamiliar area, meaning you’re not at home, work, or another registered location.
What Is Security Delay?
To further protect your phone, the Security Delay component forces you to wait before you can make critical changes to your phone. Here, you must authenticate the action you wish to perform with Face ID or Touch ID, wait an hour for the delay to end, and then authenticate with Face ID or Touch ID again.
Security Delay activates if you try to perform any of the following actions:
Change your Apple ID password.
Sign out of your Apple ID.
Update account security settings, including trusted devices, Recovery Key, or Recovery Contact.
Add or remove Face ID or Touch ID.
Change your iPhone passcode.
Reset All Settings.
Turn off Find My.
Turn off Stolen Device Protection.
Security Delay goes into effect only if your iPhone is in an unfamiliar location. The idea here is to prevent a thief from making key changes to your account by giving you enough time to log in from another device and mark your phone as lost or stolen.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
How to Enable Stolen Device Protection
Before iOS 26.4, you'd need to set up Stolen Device Protection by going to Settings > Face ID & Passcode or Touch ID & Passcode. Enter your passcode, then swipe down the screen to the Stolen Device Protection section and tap the Turn on Protection link.
(Credit: PCMag / Apple)
If you're running the iOS 26.4 Beta 1 for developers, this feature will be enabled by default. You can install the beta from Settings > General > Software Update on your iPhone. Tap Beta Updates and set it to iOS 26 Developer Beta, then let the new beta download.
Before you do this, understand that these developer betas are more unstable and less reliable than standard updates (or even public betas). Your best bet is to install the beta on a spare iPhone, rather than your primary device.
Recommended by Our Editors
After the update, expected in late March or April, go to Settings > Face ID & Passcode or Touch ID & Passcode, then enter your passcode. Swipe down the screen to the section for Stolen Device Protection, and you should find that the feature is already enabled.
Set Up Your Home or Work Addresses
To ensure that Stolen Device Protection activates only in unfamiliar locations, your phone relies on the Home and Work locations set up in your contact card in the Contacts app. Those locations are then linked to the Maps app, which relies on GPS to determine when you’re at home, work, or somewhere else. This is a great time to also manage your precise location tracking settings.
If you haven’t already set this up, open the Contacts app, tap your contact card at the top of the screen, and then tap Edit > Add address. By default, the address points to Home, but you can tap the entry and change it to a different label, such as Work, School, Other, or a custom label. Ideally, you’ll want to set up locations for Home and Work or Home and School. Enter your street address, city, state, and ZIP code. When finished, tap Done.
(Credit: PCMag / Apple)
How Stolen Device Protection Works
After setting up Stolen Device Protection and your addresses, the feature should work. For example, if you have an Apple Card and try to view your virtual card number, you won't be able to see it unless you use the Face ID or Touch ID authentication prompt. From now on, the phone will only fall back to the passcode prompt if you're in a registered excluded location.
Security Delay will be up and running too. If you try to sign out of your Apple ID, remove Face ID or Touch ID, change your passcode, or turn off Stolen Device Protection itself, you'll need to authenticate via Face ID or Touch ID. Passcode verification will only appear if you're in an excluded location.
(Credit: PCMag / Apple)
To make a change while Security Delays is active, you'll need to tap the Start Security Delay button. After the hour is up, only then can you use biometric authentication and make changes. With this enabled, the passcode prompt should never appear.
(Credit: PCMag / Apple)
About Our Expert
Lance Whitney
Contributor
Experience
I've been working for PCMag since early 2016 writing tutorials, how-to pieces, and other articles on consumer technology. Beyond PCMag, I've written news stories and tutorials for a variety of other websites and publications, including CNET, ZDNet, TechRepublic, Macworld, PC World, Time, US News & World Report, and AARP Magazine. I spent seven years writing breaking news for CNET as one of the site’s East Coast reporters. I've also written two books for Wiley & Sons—Windows 8: Five Minutes at a Time and Teach Yourself Visually LinkedIn.
I've used Windows, Office, and other Microsoft products for years so I'm well versed in that world. I also know the Mac quite well. I'm always working with iOS, iPadOS, watchOS, and Android on my various mobile devices. And these days, I write a lot about AI, so that's become another key area for me.
My wife always jokes about all the tech products we have around the house, but I manage to put them to good use for my articles. I like Lenovo computers, so I own a couple of Lenovo desktops and several laptops. I have three MacBooks and a Mac mini. For my mobile life and work, I use an iPhone 16 Pro, iPad Pro, and iPad mini as well as an Apple Watch. But since I write about Android, I own several Android phones and tablets. Like any tech person, I have a cabinet full of cables, wires, and assorted mysterious gadgets. And when it's time to take a break from writing, I have an old Xbox 360 and Nintendo Wii, both of which I use for exercise and fitness games.
English (US) · 
