Hello Guy's,
we are testing the S3 for Enterprise use. We also want to use the Device Encryption Feature.
When i want to Encrypt the Device it Says i need a least a 6 Character long Password with one Number in it for the Sreen lock.
Thats maybe more Secure but a little to complicated for Every Day use.
Samsung E-Mail Support told me that is it Possible, to encrypt the Device with Pin Screen lock only.
But if i have a Screen Lock with Pin the Device won't start Encryption.
Can Somebody confirm that, or tell me what i'M doing wrong?
Basicly on my HTC Legend with ICS Custom i saw that PIN Only Encrpytion is Possible on ICS.
Regards
Steven
First off: encrypting with PIN is as secure as not encrypting at all - you really don't want to do that if you're not only using it as a gimmick but to actually keep your data save and secure.
That said, I think it's possible the same way as I did it on the S2.
With a custom app that triggers the encryption w/o forcing you to set a specific password first.
// EDIT
Connecting to an Exchange Active Sync server with a security policy set up to your needs might work as well.
Hello Hellcat,
BIG thank you for your reply. Setting a Active Sync Policy with 4 Chars allowed me to encrypt with pin.
i didn't know that Active sync is that powerfull out of the box.
The Interesting Point is that the Settings of the mobileiron device Managment Software didn't work, although i had the same settings.
I know that a 4 Char Pin ins't really secure, but it will still lockout 95% of random people how find a lost device.
And theres always a trade off between security and usability.
regards
Stefan
Kinda Sorta Similar
I normally just lurk and observe the talent around here, but I had to register to voice a kinda sorta similar issue. (watched noob video)
The balance between security and usability with the standard encryption scheme seems problematic. I'm pretty sure I have an original gameboy that can crack a 4 digit passcode, but I don't want to have to enter 20 characters every time just to unlock the screen.
I want to be able to have a strong password on boot, but have a separate weak password lock screen. I think that would fix the problem of usability while maintaining strong security. Is there anyway to do this?
Are there any groups or projects that include or work on user friendly encryption?
Related
(NO ROOTING REQUIRED. Secure Settings will encourage you to root but skip that, its not neccessary for this trick to work)
I know many, like me that is annoyed that you are FORCED to have a PIN/pattern/password lock when you use secure credentials to manage your VPN connections, and saved passwords for websites and such.
Here is the solution. It requires you to buy a specific app on market, the app is not mine, and is rather expensive, but the app is very useful for other purposes too so its really worth the money.
1: You need to gather these apps:
Secure Settings: https://play.google.com/store/apps/details?id=com.intangibleobject.securesettings.plugin (FREE)
Tasker: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm (6$)
When you're done buying Tasker and downloading Secure Settings, do this:
Enable Device admin for Secure Settings (Settings-->Security-->Device Administrators-->check "Secure Settings").
Initalize data storage. Set the pin to 0000
To initalize data storage, you can set up a VPN connection or save a password. Data storage is successfully initalized, when you no longer can disable PIN protection. (When the topmost 3 alternatives are greyed out). If you still can disable these, data storage is not initalized and is empty.
Now go to Tasker, and set up this:
Tasks -> (+) -> name: "boot"
Add Task: Task->Wait. Set Delay to 30 seconds
Add Task: Plugins->Secure Settings. Edit. Then set Password/PIN to ENABLED, pick the radio button "Pin Code", enter the PIN 0000 in both boxes.
Add Task: Task->Wait. Set Delay to 5 seconds
Add Task: Plugins->Secure Settings. Edit. Then set Password/PIN to DISABLED.
Save the task.
Now go to Profiles, name the profile "boot", select Events->System->Device boot.
Pick the task "boot".
Save, enable tasker - done.
Reboot your phone
NOTE: The device needs about 1-2 minutes to decrypt your saved credentials at boot, during this time, attempting to access VPN settings or saved password will render a password dialog. Just cancel the dialog and wait a little bit more.
The reason you need to set a PIN to 0000 before clearing it, is so Secure Settings can save your current PIN in memory, else it wont decrypt secure storage. It takes some seconds to commit the PIN set, why you need to wait 5 seconds before clearing the PIN. When you clear the PIN after this, Secure Settings will also decrypt your Secure Storage.
The reason of waiting 30 seconds at boot is because Android is extremely busy at startup, so task executing the first 30 seconds isnt reliable, so you need to wait a little before doing anything.
Enjoy your PIN-free, Pattern free, Password free lockscreen on your VPN enabled device with saved website passwords.
(NOTE to android developers: I Really hope you do NOT do anything to this. If the user want to have unsecured credentials storage, let them have. The setup here is pretty complicated so its nothing you do at mistake and then think your phone is protected. Its not a loophole either because you need to know the current PIN/Password to set up this)
qustion re
Hey Sebastian thank you so much. This worked great for me. But I didn't really understand how all this worked.
So, I just wanted to ask you if I can remove the Tasker and the Secure Settings? If i remove them, will the VPN retain the saved login and password, and will I still be to open my phone without pin?
Thanks!
free soloution
hi
i was searching for a soloution for this problem and i found this useful topic.
http://forum.xda-developers.com/showpost.php?p=25624825&postcount=13
this is the free and easy soloution.
Thank you for saving me the trouble.
Working well your method on OS 4.2.1
Thanks Sebastian
Works a treat for me but i do have a Tasker "no active profiles" icon at the top of my note 2
any thoughts?
Thanks ... superb method and great instruction to do it .
thanks
this was bugging me for days. I tried to change locksettings.db but samsung security wouldn't let me. Also tried the forgot pattern and signing with google account method but it doesn't work after reboot. You method did the trick. thanks for the solution.
how is it supposed to work?
I followed the instructions.
However on the tasker icon in the top left I see 'No active profiles'
However I do have a profile 'on boot' like described and it is set to 'on' (green icon).
Tasker is enabled.
When I reboot the tablet (nexus 7) it still asks for the pin.
These instructions are missing acceptance criteria so not sure what should happen next.
Thanks,
G
I've been searching unsuccessfully to find an app that would require one to enter a PIN or satisfy some other security measure in order to switch off the phone; or alternatively where you can't turn off the phone when it's locked. I don't believe one exists, and would be overjoyed to be proven wrong.
This is because in the event your phone is lost or stolen, the first thing the thief or finder always does is to immediately turn off the phone. That pretty much leaves any 'Find Your Phone' feature completely useless in the immediate aftermath, which is the crucial period when it's most useful (while the thief or finder is still geographically close to you) - you have to wait helplessly until such time as they decide it's safe to turn your phone on again, by which time they'd also have pulled your SIM ... and if they'd ALREADY reformatted your phone BEFORE turning it on again, then most anti-theft apps are pretty much dead in the water.
I was thinking, that on a unibody phone where the battery can't be pulled, an "Unlock to Switch Off" used in conjunction with other security measures such as the various phone anti-theft apps out there would make an incredibly powerful and effective, TRUE anti-theft/loss phone. (Avast has a feature on rooted phones that locks the OS so you can't reformat the phone once the feature is activated or when the SIM is changed. Again, only useful if you managed to activate the feature PRIOR to them reformatting.)
I understand that this feature would probably require some form of overriding the usual hardware "hold for 10-15 secs to turn off" implementation baked into phones where the battery can't be pulled. Would this be possible without also greatly annoying someone whose phone is genuinely hung?
*BUMP*
Really, there aren't any options for this at all?
Hi,
I have just upgraded my Note2 to 4.4 - clean install. I have mostly set it up, when I noticed i requires PIN for storing a VPN connection or a CA certificate. However I was used to the gesture lock screen, but pin makes it harder to access while driving and other activities, so it's definitely not appreciated.
I have read some forums, and the general answer was to simply clear the credentials, but I want to keep my CA certificates, and my VPN connections, I just don't want this kind of security. I have also tried this: http://forum.xda-developers.com/showthread.php?t=2253123 but with no success - Sqlite manager can not find table locksettings (the other two are shown).
So, can anyone help me with this? I am definitely not using PIN, I'd rather set up some enormous timeout, which really is questionable from security point of view, but still better for me than typing that st*pid PIN each time.
I've spend hours trying to find a solution to this brutally obvious shortfall, with no luck.
There does not seem to be a secure way to lock or password protect an individual app. Sure, there are lots of app lockers out there, but they are easily defeated be just restarting the phone in safe mode where they will be disabled.
Some could argue to have a stronger lock screen, but nobody wants to input a long strong pin every single time they pick up the phone to use a text.
The ideal would be to have a simple pattern on the lock screen for basic unlocking and access to most of the system, but then have the option for a long password or pattern for the couple of sensitive apps that need it.
It seems so obvious, any reason why it doesn't seem to exist?
Fingerprint scanner is very convinient, but not that much secure as PIN or password. Is there any way (preferrably for non-rooted Pixel 6) to force my phone to periodically ask for a PIN or password to unlock (once every hour or afrer X mins of inactivity or so), but still keep a fingerprint unlock on? I know I could schedule to reboot my phone, but the phone would be unavailable during reboot (no phone calls) and I think I would need some third party app to save and restore notifications (which can be lost during reboot). Any suggestions?
My aim is to prevent someone to force me to unlock my phone with a fingerprint. They could use a force to put my finger on the fingerprint scanner, but no one can get a PIN out of my head. Yeah, I'm paranoiac - there's no need to remind me ;p
In that case, best and only solution is to stop using fingerprints. Just use pin and turn on notification history.
And what about available options for this matter on rooted phones? Is there any way to force Android to lock a phone with a PIN after X minutes? I don't want to stop using fingerprint scanner completely, but at the same time I don't want it to be the only screen unlocking option. I don't believe there's no way to accomplish this.
Alternatively I came up with an idea to make a "soft reset", kinda like on older Windows OS where instead of rebooting entire OS we could simply kill and restart explorer.exe process (I used to do that after installing some software which wanted to reboot my OS before first use). Does anyone know if such thing is possible and how to make it? I guess if it would be similiar approach to the one I used on Windows (restarting some process) then I could simply schedule some script to run every hour or so, but what that script would be?
Maybe use Tasker, and set a profile that open an app every amount of time?
I always have used this "lock" app, basically lock the phone so only with the password you can unlock it.
It's free, no ads or bs.
Lock - Apps on Google Play
Ultra-simple lock screen
play.google.com
snake218 said:
Maybe use Tasker, and set a profile that open an app every amount of time?
I always have used this "lock" app, basically lock the phone so only with the password you can unlock it.
It's free, no ads or bs.
Lock - Apps on Google Play
Ultra-simple lock screen
play.google.com
Click to expand...
Click to collapse
Thanks for suggestion, I'll check that out later, but I'm quite doubtful it'll work as the app you suggested seems to override other screen lock options, so it would switch off fingerprint scanner once activated. I'll give it a try though.
There is already a built in function called 'lockdown'. I don't know if can be triggered via Tasker though.
Choose when your Pixel phone can stay unlocked - Pixel Phone Help
You can keep your Pixel phone unlocked in some situations, like when your phone is in your pocket or connected to another device you use often. When you use Smart Lock, you only need to unlock once wi
support.google.com
Turn on lockdownImportant: Lockdown will only work until you unlock your phone. If you want keep using lockdown, turn it on each time you want to use it.
Hold the power button for a couple seconds.
Tap Lockdown. This turns off notifications, fingerprint or face recognition unlocking, and Smart Lock while on your lock screen.
Click to expand...
Click to collapse
chaimav said:
There is already a built in function called 'lockdown'. I don't know if can be triggered via Tasker though.
Choose when your Pixel phone can stay unlocked - Pixel Phone Help
You can keep your Pixel phone unlocked in some situations, like when your phone is in your pocket or connected to another device you use often. When you use Smart Lock, you only need to unlock once wi
support.google.com
Click to expand...
Click to collapse
Right, I forgot about it, but as you noticed - I also don't know if it could be triggered via Tasker. I think it's time to finally play with Tasker for a bit. Fingers crossed!
$ROGAL$ said:
Right, I forgot about it, but as you noticed - I also don't know if it could be triggered via Tasker. I think it's time to finally play with Tasker for a bit. Fingers crossed!
Click to expand...
Click to collapse
Please report back on your findings