Bitcoin Forum

2 days ago I got a new phone, played with it for a while, picked up my old phone and my memory went blank on what pattern I used.

I didn't realize how deep the problem was until I tried to login in Google account on new phone.

It asked for 2fa, I had aegis authenticator backed, secret key and backup codes, all on 3 separate locations , i.e, Google drive, box cloud storage, or android file manager itself.

Of course, I can't access Google drive without Google, I can't use android file manager as device is locked up. Now remains, Box cloud storage.

I signed up on Box with by protonmail account, and the passwords were in LastPass, and I had enabled 2fa on LastPass, it needed new device confirmation on my main email anyway, so I was fucked either way.

You get the gist, I had several backups BUT everything on locked device or at the locations which went through Google email.

I know now this sounds utterly stupid right now but in hindsight I thought I was secure.

---

I was on verge of getting my digital identity plus my financials wiped out.

Trying to break pattern lock

I tried several ways to break the pattern but all of them included data reset, there was one way to break it but it needed root (which I didn't do beforehand because security!) . I thought I should data reset and then do a data recovery, I just might get the files I needed but without Google account I wouldn't be able to get in at all.

Google customer support

I sent them recovery email, they said wait for 3-5 days for response. I didn't have much hope there, to be honest.

I was so privacy conscious and it bit me in the ass

- I had disabled android device manager, because I don't like turning on location and Google spying on me.

-  I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either.

What not to do

- Don't confuse muscle memory with repeated tries.
I had set up that pattern 4-5 months ago, and after a while it just becomes your muscle memory. I remember unlocking my phone without even looking at screen. Point is, if you forget the pattern, don't panic, it will just make the problem worse since time out increases with every wrong unlock attempt and you will confuse yourself.

After few repeated failed attempts, just take a nap and try with fresh mind, you just might get lucky and save yourself from lots of hassle.

You could also try to recognize pattern on your screen with how forensics identity fingerprints.

- Choose pin over pattern
There are infinite combinations of pattern, you just don't realize it until you forget or have backup lock (pattern + fingerprint), (pattern + pin), etc.

- Don't save everything in digital medium, have paper backups.

Happy ending

Remember the saying, sleep on problem? It really works.
I remembered (although not completely sure yet) I made backup of my passwordsafe (offline password manager) database (which had my Google 2fa key) to my pc (I had copied it sep 2018) but now my cpu was not working.

So took it to electronics guy, one said motherboard is done and we don't have same motherboard that we can put your hard disk in and let you copy the data.

So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story (https://www.linkedin.com/pulse/ship-repair-man-story-why-experts-get-paid-more-faiz-noor)?

Anyway, I got the copy of the file. Not a sigh of relief yet, because files can go corrupt, thankfully it wasn't corrupted. Now, finally a sigh of relief and a heartly thanks to the friend who was with me all the time. I have a stuttering problem so it really helps when someone is with you who can communicate better.

Fun fact: There was lightning strike during last monsoon near the place where I put the cpu cabinet, if it actually hit the cpu that time and destroyed it I wouldn't be writing this here today since this bitcointalk account would have been one of many things that I would have lost.

Is there not android cracking software now? Ive heard there's an apple one that's paid for for the latest version but open source for previous releases once they become older...

You could probably have also taken the phone to a computer hardware shop or smashed it up yourself to pull out the chip (although you'd have to be careful not to smash the chip). And providing your phone wasn't encrypted with the pattern they could've got the data.

Still sounds like a very near miss though, especially if you hadn't thought or wanted to get the phone analysed...

It was actually encrypted (one you enable in settings, most new phones come with it enabled by default).

Did you try to recover your google account with text message option?

It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.

---

Or else waiting for the help it the only way as you said it may take upto 5 days but still you can recover it.

I mentioned that in op already.


Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use.

it's very bad news, at the same time you should have multiple backups which mean in your pc, a safe cloud backup, and if you want you can write it down in a notebook, this happens to me and save my day, and a very important thing backup your phone, and make sure that your new phone can be imported to a new phone, is your authenticator connected with an exchange?

Yes, now I'm more careful, my mistake was to not have paper backup.


Yes I have 2fa enabled on several exchanges, if that's what you mean?

You managed to scare me  :D   Although I am quite a fan of safekeeping all that's possible also on paper, just in case, I do have important things not on paper (laziness? convenience?); but I guess that I'll change that.
All in all a good advice.
And I'm glad that everything has ended well on your side.


PS. I've discovered in the last year that PIN + fingerprint beats pattern by far.

Too much cloud security backfire in your story. Reading your story really gives me a headache, I mean your are in loop security for all your account and you will be in trouble in case one them is not functional because your password recovery is connected to other cloud account. This thread makes me think to check again all my backup that store on my Google drive if they are safe. LOL

Point noted on your case. Thanks for the early warning.


I believe you will solve it fast if you root your phone and used an app to remove/reset finger print pattern. Just unroot your phone and reset it once you access your Google. It will save you a lot of time and hassle.

You said you stored your info on Google Drive, Dropbox and you will be fucked again. I hope you won't but you could clear all files on Google Drive, Dropbox if they are backup of your passwords, 2FA.

Damn it, when I read this I decided to print out all my passwords from the LastPasss manager and keep them on paper in a locked drawer. So much for the new digital age and cloud storage! LOL!

I successfully recover two of my gmail account using the verification method it really takes 3 to 7 day, the trick is to remember the last password you had, and the year you created the account, to get a good chance include the exact date, that is why whenever I create a new account, the first thing that I do is to send email on one of my other email, with all the information related to the email I just created.
You must think ahead, and always think of the worst case scenario.

I also experience like this before. All of my personal details are wiped out. And the 2fa authy recory was lost I was thought that I saved it on my google spreadsheet. So I cant acess my account in exchange, they ask me to send details just like doing kyc procedure again.

What I learned is always write down your pk, 2fa recovery and put it in a safe place. As long as you still have an acess to your gmail or any cloud storage where you saved it. Please do have a double backup.

If you have only access to that locked drawer, then its ok but if anyone else in your family (siblings / wife ) can access that drawer key, then you money and accounts are still not safe.
Yes, we should think of the worst possible scenario and should have a backup plan for every situation.

Yes, now I'm done with patterns  :D


It had android 9 and yes that backup saved my ass.


Yep, Paper backups are underrated.



That's helpful, thank you!


Haha, well done!


It's box, not drop box, android cloud storage service and yes I have paper backup now.


Exactly, I can't believe how flawed my 'security' was.



Idk, to root device you need to enable USB debugging and when you got your phone screen locked you can't do that.

Really? Or I am missing to read that part again?

Please highlight or bold those part which you mentioned in OP about recovering through text message codes which will send to our mobile number.

"I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either."

Really? Curious to know which method the man used?

Btw what you did I also did the same before so that I can find all things on my phone. But did not face any problem like this, fortunately. Now what I think it's better always keep the keys in the paper, and yes always there are in two places. So that if you lost one in anyway you can use the other one.

I have no idea what he did.

Had I not forgot the pattern, there would have been no problem. I have changed phones multiple times, this time problem arose only cause I forgot the lock.

I don't trust patterns either. And more I stick to the entrance to the phone by fingerprint. Today's versions of android make a good reminder every few days, which asks for a PIN code. This is a good help since, in fact, the hands remember the same movements, and passwords can just fly out of your head.
But I have a different question. Have you entrusted all your confidential information on your phone? Well, suppose it is encrypted by you and is blocked at a dangerous moment. What about the banal loss of your phone? Can't you expect this?
Why don't you use ordinary flash drives, and encrypt all the information there, and let it be not one, but several of them?
I'm not being clever in any way, I just went through the whole story with the loss of the phone, on which a lot of information was saved. Since then, I've tried not to trust phones.

Thanks for sharing your problems with the community, everyone could take a lesson from here. That's the reason why I have been discouraging store your credential to the online or offline machine. I have been writing all my credentials on my daily note (paper). Once I forgot any of them including google 2FA, then I look on my note for it. A few months back I changed my phone and everything recovered from my notes. Hope you learn from your mistakes and save all your credential on hard paper.

Congrats that you still have the copy after recovering your file from the old hard drive.  I have not experienced such but I almost when I lost my phone which was used for binance and this phone is where I installed my wallet. But I do know I have a copy of my private keys in my USB drive. It's good practice to have a copy of everything.

This is one of the way to store our wallet credentials for very long term and I am also thinking about having all the important codes in a single diary or something because even though I am having codes in offline drive their lasting nature is in big question which I realized from one threads here recently.

But while writing down things on paper note books their durability is in big question. ( and security if someone stores millions worth of assets)

Your experience is very valuable to us, at least that's what I can say after you went through that mess. After I read some safety advice in your thread then I think I still have a good choice to at least not suffer the same fate as you and that is.

• Write down all credentials regarding important data on multiple flashdisk and store them safely in different places.
• Write it down on paper and make several copies and keep them safely in different places

I've been using both of these security method for a long time and it would be helpful if one of them was missing. We still can't trust all the important data on our Android phone, something can still happen with the phone and it's like being stolen or all the data is lost.

OP, your story is really scary, but at least it have good ending. After reading it, probably I should rethink how I keep my data.
Personally for me pattern is most convenient way to unlock phone, but I understand how easy to forget it, especially if you haven't used that phone for a while. Though, same can be said about PIN codes. So, because of this I use same pattern on every phone. I know it's not good idea in terms of security, but unfortunately my memory isn't good enough to remember everything. But even in worst case scenarion I would be able to unlock my phone with fingerprint.
But now I should re-consider where do I keep my backups and other sensitive files. After reading this topic I have some doubts. Thanks for sharing your experience.
I don't think that paper is more reliable than online or offline machines. If you write everything on paper, you should protect it very well. Water, fire and even sunlight is dangerous for paper. Offcourse, there is some ways how to protect your sensitive data, for example, laminate paper.

And people, especially beginners, are still messing with brainwallets, thinking that they have perfect memory and can remember long phrases for years without even practicing repeating them. Writing down some of your most critical passwords on paper and storing them in safe place is actually not such a horrible idea like some would say, because the risk of storing passwords only in memory is usually bigger than the risk of someone stealing your passwords physically.

One thing I learned from this incident is that, it's better to have backup than to not have it because you question it's security and be locked out of your accounts/funds forever.

Yea, especially if the crime rate in your area is so low. As long as you store it in a secure place (such as your own room) with enhanced protection it should serve as a good back-up. Some reports even suggested that this kind of data breach happens more often in workplace instead of your home.

I had almost identical situation with a new phone.

I have restored all backup files on a new phone and was going to erase my old one, when I though I should check how everything works on new one. All the passwords and accounts on social media app were working perfectly, except Google Authenticator. It was empty. Only then I have realized, that I havent saved QR 2FA pictures or "special codes to add 2FA manually to app".

If I had erased my old phone, it would be really hard to restore access to all exchanges and wallet, not speaking if it would be really possible to do.

It took me several hours to login to exchange or wallet, switch off 2FA security, erase it on old phone, set 2FA again on new phone. All this mixed will all that email and sms confirmations. It is good when you have few accounts only. But if you have registered like on 10-15 exchanges, all with different email and etc. Horrible.

How your being security concious can cause you everything! So heart touching a story, it brought me to the spotlight of some of the frustration you might have been encountering during that phase of trying a possible recovery of data.
We often preach the security awareness path of ensuring that your account and related data are properly safe even at times discuss on hardware wallets but often don't see the validity of these hardware wallets as also a backup system for the softwares because it actually is. Following the fact that, one can face equipment damage, burglary, natural or artificial desaster that could result in damage and lots of others, you've got to improvise a way of recovering or easily accessing data stored in safe systems.

Muscle memory always puts your hands in a certain pattern that it almost direct itself in reflecting what's on your mind on the screen. Like your typing on your device compared to someone else's device, it could never be the same especially when the persons device is structurally different from yours even with the same placement of features. It's a display of how frequent you've done a thing but, being nervous or mentally unstable can disrupt the whole thing.

Can you really sleep peacefully on your problems? Because, I can't except, I've got a plan on set to be tried out and it's got a 70-90% success else, the problems could just be a nightmare that bugs me till it's either solved or given up on for other chances. I'm yet to try out sleeping on your problems though but, I hope I don't have to.

Well, I didn't say I sleep peacefully :D, I was frustrated, pondering on remembering pattern and I eventually slept

Hmmm, I've changed my smartphone 3 times since I entered crypto space and I'm also a 2FA user on almost every thing on my phone, even emails but one thing I never forget about is moving every thing from the old phone into the new phone, I won't dare forget this part as it's so dangerous, I had to go to all websites and exchanges to off 2fa though and that took me days, I'm happy you solved things out

it sounds scary, but i really do not understand how can you forget your pattern, how long did you used your old phone, seems that i draw that pattern in my sleep, because i use the phone for at least two years
or you are using several phones, and then you did not save this particular pattern?

you can draw your pattern on a piece of paper, if you think that you will lose/forget it one more time, it could be part of broader drawing that you will hang as art on the wall :)

Well, I kinda mentioned the reason in op why I forgot the forgot the pattern. I'm pin lock guy from now on.

Multiple backup can be dangerous, saving private keys in cloud storage is even worse, private keys are meant to be kept from any online storage or email accounts, they are safer offline and if you want to in multiple places make sure they are all offline

that must be so frustrating to you, thank god everything went good at the end, i almost had the same problem once, because my phone didn't turn on one day after a lot of tries, but thank god it was just the battery, it's really nice of you to share awareness about something like this, you might be the reason to prevent it from happening to someone else.

Well, the backup was encrypted with the password only known to me.


Thank you and yes making others aware and not repeating same mistake as me was the purpose of creating the thread.

You made the backups at 3 separate locations "Google drive, box cloud storage, android file manager" but I wonder why didn't you consider saving a backup in an offline storage like HDD/USB/Memory card. I have personally reset my phone several times and had to regenerate the 2FA codes every time but never was I worried about my crypto holdings since I always had a backup of it in my HDD.
I know how painful it is to lose the google 2FA and thanks for making this post. I will now regenerate the backup code and save it offline in my HDD.

Yes it was my mistake, thankfully I did save it in my hdd otherwise this wouldn't have happy ending.

If paper isn't safe for private keys so is the same with any physical objects too, either hardware wallet or PC because there isn't anything that is fire proof, even wallet can damage hardware wallets too, it's just easier to choose anything offline because online is more risky than offline

This is really bad news so you need to back up wherever you put your private key so that you can easily recover if lost the brain does not work the same way for everyone many times it can be forgotten due to stress. Hardware wallets are good for storing confidential documents but there are risks involved in doing everything online better by saving work i keep everything in this notepad offline so that can easily see even if i forget it stays out of the hacker safer to write on paper to keep data safe.

I have also stored my data in many place but i think that why i am doing this? if all my data is secured by google authenticator then when my phone will be lost then i could not log in any place to recover my data only for the google auth. thats why i am using mobile verification process. to me this process is good even you phone and also sim card is lost then you can easily get back your sim from provider and then can get back other accounts with sms verification. THANK YOU.

Your experience shared here is very educative and most people without such experience might not really understand what you went through but I understand because I have been through the same before. When all you have is linked to google and you have difficulty accessing your Google account, then one would understand better.
I remember forgetting the pin of a device I no longer used for years and had to go back to use when my phone got damaged...
I tried all the passwords I could remember but none worked..
I slept over it and I remembered. So sometimes, a calm mind can help fix issues too.

Have multiple offline backups for your sensitive data, yep that's basically it.

The best option is to have two mobile added and generate back up codes and seal it in a vault and memorize your password don't include your password to the backup codes keep it separated in case of a breakup, and the most important thing is if you are going to ask Google to help you access your account again remember the first day you created your account because they will ask it in the verification procedure. 

@pawanjain is right Im also using my HDD as a backup to all my data like account passwords, google codes, private keys, storing your back up data on online storage is not advisable its too vulnerable if something happens also using paper for backup is not a good idea either like what other user suggests it might get burned or wet easily from natural disasters its very hard to recover unlike HDD. 

Oof, thankfully that story had a good ending. If you have a place that you know is safe, I'd recommend making some paper copies. And also, don't make such a complicated security layer that you end up getting tangled in it if one thing goes wrong. I know, you can never be too safe with these things but as you saw it may be possibly just as damaging to end up trapping yourself in it.