So, turned on device encryption because it's company policy that portable devices containing sensitive data have to be encrypted. So now it prompts me for my password during start up. All well and good. But now I'm trying to figure out how to change my password. In the security settings, clicking on the encryption area does nothing. Not critical now but sooner or later I will need to change that password or if I sell the device, probably decrypt it first.
Not a word about encryption in the manual. Anyone have any idea on how to change that password? Will a factory reset result in a decrypted device?
Edit: Ok, turns out the startup password after encryption is the same as the screen lock password.
Related
Hi,
I have CM10 running on my rooted Galaxy Nexus and I just enabled the disk encryption. However, I can't find any options what happens after a few failed attempts? I would like to reset and wipe my phone so that it will be usable, but without any of my data. Cerberus is flashed, so I think I'll have a better chance at recovering my phone if it's usable and not completely locked.
I have set a profile with tasker + secure settings to shutdown after 3 failed PIN attempts (which is different than the encryption password), so I should be save there and a thief would be forced to guess my much safer encryption password.
I know that I can do it with cerberus, but only manually.
Bonus point: Is there any possibility to use a pattern instead of a PIN for the display lock? It's unavailable after encrypting..
Nobody?
Hi,
I just bought Samsung Galaxy Note 3 and want to setup it like my old Galaxy Nexus. Also I want to stay with fully stock ROM for a while so I need to perform everything without root.
I need encryption set on my phone. Problem was that for some reason Samsung ROM does not allow PIN unlock on encrypted device. Password wasn't convenient so I searched for workaround for this.
Solution was to install Tasker+Secure Settings and change lock type to PIN just once. Everything was perfect, PIN lock was set permanently. BUT, when I rebooted the phone I wasn't able to decrypt storage with old password. My device can be only decrypted with new PIN now.
How the hell that could be? I believed that when I set encryption password it will be used for decryption. Obviously for me now, it's not.
My question is: what encryption key is used for data decryption in Android? You can change password or PIN and decrypt device with it easily. In other words: what data (encryption key) should be hacked in order to decrypt the phone and where is it?
What options are almost as secure as "secure startup" (PIN on boot)? How close?
So I have a bootloader unlock, TWRP'd HTC 10 and I know that the Nexus 6P and many newer devices allow you to enable secure startup. When you set security to PIN, MM asks you if you want to require the PIN to boot the device. If you say yes, during boot the number keypad will be presented and you have 30 tries to enter the right PIN or it erases your device. Unfortunately, with this option enabled when I flash themes (tried different ROMs, different sources), it almost always hangs just before presenting this keypad with a message that says "Preparing Settings". The screen is normal with secure startup, but after a time it proceeds to the keypad. Anyway, I want to be secure so I've left it enabled and then I forget, flash a theme, and bang - phone is screwed up.
I believe that if I don't enable this then the data system is encrypted, and I know when I boot into TWRP it asks for a PIN to decrypt and mount data. If I encrypt my SD and store the TWRP backups there, (or password protect the backups) wouldn't that protect me from someone getting into one of those? At least the data partition? And any malcontent couldn't generate a new one including data to browse because they wouldn't be able to mount data in the first place without the PIN, right? If all this is true then I'm not sure what they could get with just the system partition (and boot and recovery of course)...
Can anyone shed light onto whether secure startup is really buying me anything with these other precautions in place, and if you think secure startup is worth it? Thanks!
If I had to be flat out honest. I personally think that is over kill. People are not after the data on the device and cant get past a simple password lock.
90% of the time the device is wiped before it is ever booted completely after it is stolen.
Hi all,
I just tryed to add a company account to my phone. During this process I was asked to add a new Administrator. Just after confirm, the phone unmonted the SD card and wanted to encrypt the phone. How to reverse?
The phone is still not encrypted and I don't want the encryption. But I cannot mount my SD card without encryption and I cannot change any security setting (only password is available as lock screen - till now I have a PIN). And, I cannot clear the certificate memory (Clear credentials is grayed).
I removed the exchange account, but this does not help.
I'm using a stock GT-I9506 with 5.0.1
Thanks for any help.
solved
I fount the solution. After selecting password as lock screen I started the encryption. During the last confirmation I aborted. After that all was like before.
Hi everyone,
A month ago, I encrypted my phone (Galaxy S5 Plus - kccat6) currently under LineageOS 15.1 (Android 8.1.0) and TWRP 3.2.3-0.
Normally, after the encryption, when I started my phone, I would get a password request to decrypt my phone before launching Android. Access to TWRP was also password protected.
However, for a week now, for no apparent reason, I no longer have any password requests at startup and TWRP no longer asks for a password either.
In the "Security and Confidentiality" section, under "Encryption and identifiers", the phone is always indicated as encrypted... so it's impossible to request the encryption of my data again. At the same time, when I use Trust (integrated with LineageOS), it says "Encryption : Disabled".
I don't understand it. I did nothing in particular to have the encryption deleted.
Do you have any idea what to do to recover the encryption on my phone? And eventually why I may have lost the encryption?
Thank you in advance
OK I found a solution. It seems that it's a bug well known since many versions of Android. Strange that it has not been corrected...
Here's what helped me to fix the problem (found here : https://issuetracker.google.com/issues/37010136 )
How to reproduce:
1. Go to Settings -> Accessibility -> Switch Access
2. Enable Switch Access service
3. Go to Security -> Screen lock
4. Incorrect warning text appears under Pattern, PIN, and Password options
How to fix
1. Go to Security -> Screen lock
2. Select one of Pattern, PIN, and Password options
3. Select "Require pattern to start device" on the next UI
4. Finish setup
5. Go to Settings -> Accessibility -> Switch Access
6. Enable Switch Access service
7. Incorrect text ("If you turn on Switch Access, your device won't use your screen lock to enhance data encryption") on the prompt. It's incorrect and misleading because "Require pattern to start device" is already set and screen lock will apear on start up.
Click to expand...
Click to collapse