Apple has incorporated a new security feature in iOS 17.3 Beta that aims to reduce the frequency of account takeovers and other account breaches. The feature, called ‘Stolen Device Protection’, will require Face ID or Touch ID to access more sensitive areas of the phone, such as account settings, viewing passwords in iCloud Keychain, switching off Find My (which is used to track down stolen devices), and password changes. It also introduces a delay of 1 hour if anyone attempts to change the owner’s Apple account password away from home.
Until that update is finalized and released to the general public, a stolen PIN could be catastrophic: all of the victim’s online accounts could be taken over, and bank accounts and any other accounts with financial institutions could be robbed. This is because the PIN provides access to almost every part of the iPhone.
At least some of these features should be made the default in the release, but that is not expected to happen. Phones in general are vulnerable to this issue because convenience has taken precedence over security.