There’s a new feature heading to iOS 17.3 after the New Year that will make it harder for someone to shoulder-surf your passcode and change your Apple ID on you. This is directly aimed at the vulnerability Joanna Stern wrote about in the Wall Street Journal. The new feature will require Face ID to get to saved passwords, and changing your Apple ID password will be subject to a security delay unless you do it from a familiar location, like home or work.
You’ll need to turn it on when it ships, but my initial take is that it seems like the right balance of security and convenience. I doubt we’ll see 17.3 before February.