The Wall Street Journal reports on a spate of attacks in which iPhone thieves obtain your passcode and then change your Apple ID password, disable Find My, make purchases with Apple Pay, and more. Some attacks are as simple as the miscreants surreptitiously watching you enter your passcode; others involve violence. Read on to learn how to protect yourself.

A follow-up to the Wall Street Journal’s investigation into Apple’s problematic iPhone security design reveals that victims are being locked out of their iCloud accounts.

The Wall Street Journal reports that Apple will introduce a new feature, Stolen Device Protection, to deter the kind of significant digital damage that iPhone passcode thieves have inflicted on victims.

For additional background and color surrounding the Wall Street Journal’s reporting on iPhone passcode thefts, watch Joanna Stern’s interview with a convicted thief.

Apple has made good on its promise to add Stolen Device Protection to iOS 17.3, allowing users concerned about iPhone passcode and snatch-and-run theft to require biometric authentication and sometimes a delay to carry out critical security and financial actions. We look at what it does and doesn’t protect, how to turn it on, and who can’t use it.