Nowadays, losing a phone means more than losing any other gadget: it can open your bank, your email, and the password manager that unlocks everything. That’s why Google is treating the possibility of someone stealing it as a form of financial fraud, and its new update is another step towards better protection if your phone disappears.
Identity Check in Android expands, and protection against brute-force guessing improves
The centerpiece is a bigger role for Identity Check, which is designed for cases where a thief has your phone and also knows your screen lock. Identity Check ties certain sensitive actions to biometrics when you’re away from “trusted places” such as home or work, so you can’t fall back to a PIN, pattern, or password. Google’s help documentation highlights protected actions such as changing your screen lock, changing biometrics, running a factory reset, turning off Find Hub, turning off theft protection features, and accessing saved passwords and passkeys in Google Password Manager.
In the January 2026 update, Google says Identity Check is expanding to cover features and apps that use the Android Biometric Prompt, including third-party banking apps and Google Password Manager. The goal is to make the stolen device far less useful: criminals might be able to unlock the screen once. However, they should hit a wall when they try to reach high-value data or weaken your defenses.
Brute-force guessing should be harder to achieve successfully. Google says it’s increasing the lockout time after failed unlock attempts, so repeated PIN or pattern guesses slow down dramatically. There’s a small usability tweak, too: identical incorrect guesses no longer count toward the retry limit.
Finally, Google is adding a bit more transparency and control. “Failed Authentication Lock” automatically locks the screen after excessive failed authentication attempts; Google says it now has a dedicated enable/disable toggle in settings. These stronger authentications are available on devices running Android 16 and higher.
These new features should protect online casino players as well. Even if your preferred platform doesn’t use the Android Biometric Prompt, the new “Failed Authentication Lock” should protect sensitive information like bank accounts, full names, or phone numbers against thieves.
Theft Detection Lock gets better with new supporting features
Prevention is only half the story. If your phone disappears, speed matters. That’s why Remote Lock is useful. Using any browser, you can go to android.com/lock, enter your phone number, complete a CAPTCHA, and trigger a lock. Once the device is locked remotely, only you can unlock it locally using the existing screen lock.
Google’s 2026 update adds a new optional security question to Remote Lock, intended to make abuse harder if someone else knows your number. In Google’s help guidance, the security question is set from the Theft protection menu and verified during setup with your PIN or biometrics; the change is part of an “enhanced recovery tools” update, available on Android 10 and up.
Remote Lock fits into a wider set of defenses Google began rolling out in 2024. Theft Detection Lock was the first security option the company presented. It uses on-device AI plus motion and context signals to detect patterns consistent with a grab-and-run theft and lock the screen quickly. Offline Device Lock adds another tripwire: if the phone goes offline for a short period while it was unlocked (often a sign someone is trying to avoid tracking), Android can lock it automatically.
If you want to check your settings now, Google’s path is: Settings → Google → All services → Theft protection. From there you can turn on Theft Detection Lock, Offline Device Lock, Failed Authentication Lock, and Remote Lock (which requires a verified phone number). If your device supports Identity Check, add biometrics and set trusted places. If your phone goes missing, lock it first, then sign in to Find My Device / Find Hub to locate, mark as lost, or wipe it, and immediately secure your accounts: starting with your Google account, your carrier SIM, and any banking or payment apps tied to the handset.
