iOS 26.4: Stolen Device Protection Enabled by Default
Starting with iOS 26.4, Stolen Device Protection will be enabled by default and turned on for all iPhone users.
[…]
Stolen Device Protection requires additional authentication through Face ID or Touch ID to access certain iPhone features like the Passwords app, Lost mode in Find My , Safari purchases, and more. Some features are disabled entirely without authentication, while others have a one-hour security delay.
[…]
Prior to iOS 26.4, Stolen Device Protection had to be enabled manually in the Face ID and Passcode section of the Settings app. There is an option to remove security delays when the iPhone is in a familiar location, which allows full functionality at home but protection when out and about.
Based on the screenshot, it looks like Stolen Device Protection is not actually enabled by default; rather, iOS strongly encourages you to opt in by forcing you to either tap a giant blue Turn On button or some little blue text, which doesn’t even look like a button, that says Not Now.
I plan to opt out because of my prior bad experience with iOS inappropriately locking me out and the familiar location safety feature not working properly. I think it’s more likely to burn me than save me. I might feel differently if I had important passwords in iCloud Keychain. I think I’d rather see an option to require a longer passphrase to unlock Apple’s password manager.
Previously:
- iOS 17.6 and iPadOS 17.6
- Janky Apple ID Security
- Stolen Device Protection in iOS 17.3
- iPhone Thieves Locking Users Out of Their Apple Accounts
- Changing Apple ID Password Using Only a Device and Passcode
- Opting Out of Sharing Siri Audio Recordings
- No Thanks vs. Later
2 Comments RSS · Twitter · Mastodon
The screenshot also says it's "ready for testing." I'm not sure the screenshot is relevant to the rest of the story, other than being what the enrollment screen looks like or looked like at one time.
All of this would be a complete non-issue if they would just, at least optionally, disable the ability for an iPhone passcode to reset an Apple ID password. For all their supposed security consciousness that is the most ass-backward way to do it.
I completely understand why they do it, it's convenience over security for the millions of people that don't even know what an Apple ID is but know they have to have one or their iPhone won't do anything. So their password manager is to reset the password every single time because they can remember a six digit pin (and dragging them kicking and screaming from four digits was bad enough.)
But they have lockdown mode and advanced data protection mode etc, let people opt out of that and then this won't be a problem.
