Thanks for sharing your problems with the community, everyone could take a lesson from here. That's the reason why I have been discouraging store your credential to the online or offline machine. I have been writing all my credentials on my daily note (paper). Once I forgot any of them including google 2FA, then I look on my note for it. A few months back I changed my phone and everything recovered from my notes. Hope you learn from your mistakes and save all your credential on hard paper.
But while writing down things on paper note books their durability is in big question. ( and security if someone stores millions worth of assets) One thing I learned from this incident is that, it's better to have backup than to not have it because you question it's security and be locked out of your accounts/funds forever. |
|
|
|
So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story? Really? Curious to know which method the man used? Btw what you did I also did the same before so that I can find all things on my phone. But did not face any problem like this, fortunately. Now what I think it's better always keep the keys in the paper, and yes always there are in two places. So that if you lost one in anyway you can use the other one. I have no idea what he did. Had I not forgot the pattern, there would have been no problem. I have changed phones multiple times, this time problem arose only cause I forgot the lock. |
|
|
|
Did you try to recover your google account with text message option?
It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.
I mentioned that in op already. Really? Or I am missing to read that part again? Please highlight or bold those part which you mentioned in OP about recovering through text message codes which will send to our mobile number. "I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either." |
|
|
|
PS. I've discovered in the last year that PIN + fingerprint beats pattern by far.
Yes, now I'm done with patterns  I would try use open-source script/software to unlock the smartphone if it has old version of Android which have vulnerability against physical attack, but good thing you managed to make a copy of your data.
It had android 9 and yes that backup saved my ass.
What I learned is always write down your pk, 2fa recovery and put it in a safe place. As long as you still have an acess to your gmail or any cloud storage where you saved it. Please do have a double backup.
Yep, Paper backups are underrated.
Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use.
I successfully recover two of my gmail account using the verification method it really takes 3 to 7 day, the trick is to remember the last password you had, and the year you created the account, to get a good chance include the exact date, that is why whenever I create a new account, the first thing that I do is to send email on one of my other email, with all the information related to the email I just created. You must think ahead, and always think of the worst case scenario. That's helpful, thank you! Damn it, when I read this I decided to print out all my passwords from the LastPasss manager and keep them on paper in a locked drawer. So much for the new digital age and cloud storage! LOL!
Haha, well done! You said you stored your info on Google Drive, Dropbox and you will be fucked again. I hope you won't but you could clear all files on Google Drive, Dropbox if they are backup of your passwords, 2FA.
It's box, not drop box, android cloud storage service and yes I have paper backup now. Too much cloud security backfire in your story. Your are in loop security for all your account and you will be in trouble in case one them is not functional because your password recovery is connected to other cloud account.
Exactly, I can't believe how flawed my 'security' was. I believe you will solve it fast if you root your phone and used an app to remove/reset finger print pattern. Just unroot your phone and reset it once you access your Google. It will save you a lot of time and hassle.
Idk, to root device you need to enable USB debugging and when you got your phone screen locked you can't do that. |
|
|
|
it's very bad news, at the same time you should have multiple backups which mean in your pc, a safe cloud backup, and if you want you can write it down in a notebook, this happens to me and save my day, and a very important thing backup your phone, and make sure that your new phone can be imported to a new phone.
Yes, now I'm more careful, my mistake was to not have paper backup. is your authenticator connected with an exchange? Yes I have 2fa enabled on several exchanges, if that's what you mean? |
|
|
|
Did you try to recover your google account with text message option?
It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.
I mentioned that in op already. Or else waiting for the help it the only way as you said it may take upto 5 days but still you can recover it. Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use. |
|
|
|
And providing your phone wasn't encrypted with the pattern they could've got the data.
It was actually encrypted (one you enable in settings, most new phones come with it enabled by default). |
|
|
|
2 days ago I got a new phone, played with it for a while, picked up my old phone and my memory went blank on what pattern I used. I didn't realize how deep the problem was until I tried to login in Google account on new phone. It asked for 2fa, I had aegis authenticator backed, secret key and backup codes, all on 3 separate locations , i.e, Google drive, box cloud storage, or android file manager itself. Of course, I can't access Google drive without Google, I can't use android file manager as device is locked up. Now remains, Box cloud storage. I signed up on Box with by protonmail account, and the passwords were in LastPass, and I had enabled 2fa on LastPass, it needed new device confirmation on my main email anyway, so I was fucked either way. You get the gist, I had several backups BUT everything on locked device or at the locations which went through Google email. I know now this sounds utterly stupid right now but in hindsight I thought I was secure.
I was on verge of getting my digital identity plus my financials wiped out. Trying to break pattern lock I tried several ways to break the pattern but all of them included data reset, there was one way to break it but it needed root (which I didn't do beforehand because security!) . I thought I should data reset and then do a data recovery, I just might get the files I needed but without Google account I wouldn't be able to get in at all. Google customer support I sent them recovery email, they said wait for 3-5 days for response. I didn't have much hope there, to be honest. I was so privacy conscious and it bit me in the ass - I had disabled android device manager, because I don't like turning on location and Google spying on me. - I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either. What not to do - Don't confuse muscle memory with repeated tries. I had set up that pattern 4-5 months ago, and after a while it just becomes your muscle memory. I remember unlocking my phone without even looking at screen. Point is, if you forget the pattern, don't panic, it will just make the problem worse since time out increases with every wrong unlock attempt and you will confuse yourself. After few repeated failed attempts, just take a nap and try with fresh mind, you just might get lucky and save yourself from lots of hassle. You could also try to recognize pattern on your screen with how forensics identity fingerprints. - Choose pin over pattern There are infinite combinations of pattern, you just don't realize it until you forget or have backup lock (pattern + fingerprint), (pattern + pin), etc. - Don't save everything in digital medium, have paper backups. Happy ending Remember the saying, sleep on problem? It really works. I remembered (although not completely sure yet) I made backup of my passwordsafe (offline password manager) database (which had my Google 2fa key) to my pc (I had copied it sep 2018) but now my cpu was not working. So took it to electronics guy, one said motherboard is done and we don't have same motherboard that we can put your hard disk in and let you copy the data. So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story? Anyway, I got the copy of the file. Not a sigh of relief yet, because files can go corrupt, thankfully it wasn't corrupted. Now, finally a sigh of relief and a heartly thanks to the friend who was with me all the time. I have a stuttering problem so it really helps when someone is with you who can communicate better. Fun fact: There was lightning strike during last monsoon near the place where I put the cpu cabinet, if it actually hit the cpu that time and destroyed it I wouldn't be writing this here today since this bitcointalk account would have been one of many things that I would have lost. |
|
|
|
|
Just to add, HODL doesn't always work, I think it's good idea to exit if you think your project is going nowhere than to stay being bag holder and hope for best. Even projects you thought legit can turn to 0.
|
|
|
|
And what it more scary is that the security researchers didn't disclose the supposedly thirteen crypto related apps that has been targeted by this malware or trojan. Although it started to just attack Brazilian apps, it has forked to other banking apps within it's neighbours so it is very dangerous.
So the best option for us right now and not to trust anything, specially countries mentioned in the research. It's good to not trust anything anyway because it usually takes a while for security firms to detect the new viruses/trozens. One simple thing android users can do is to be careful about permissions they give to apps. |
|
|
|
I'm pretty much on same boat as you, few 'quality' contributions and I shall be there, just need my lazy ass right up than competing bounty quota and not caring further.  |
|
|
|
|
Holy shit, this is first time I have seen this type of scam, random pop ups and swapped actual options makes it harder to counter, i wonder how does this actually work?
|
|
|
|
You were scammed, it seems. No need to regret as you learned something new. Greed is a destruction in trading which I've learned. If I would have cashed ICO tokens in 2017, I would be launching at least 5 ETH 2.0 validator node today!
Yes but I don't regret the amount I lost I rather regret the return I would have gotten if I only invested that in dmst. Only two cases are anger and self-confidence in the kidneys. I see you've got lucky here, but this is just a little bit of luck and it won't be regular, trust me you won't be able to find a second chance other than that. Instead of regretting it, you have also benefited from the project you put your money into, and it is certainly much better than losing your money. But this is still an approach, or investment that i do not encourage people to pursue because it is not well known for the crowd, to go through these only a loss of money and your time.
Wth?
Anyway I have moved on, you gotta give few days for regrets to pass. Locking the topic. |
|
|
|
|
Why it has to be next 'ethereum'? Why can't it have its own unique identity?
|
|
|
|
|
Most wallets allow you to make transaction/view seed after user knows the pin/password, imo it should be better than that. Wallets should implement system where if user wants to make trx/seed, they need to go through multiple authentications (like pin first, then fingerprint authentication (physical presence check) etc), it's less convenient but more secure.
|
|
|
|
Some smartphone manufacturers even give advice on how to avoid fingerprint misuse, This cannot be overemphasized. Biometric security shortcuts like fingerprint and face recognition are really not secure. Some devices actually allow a face scan when the eyes are closed and some cannot notice differences when a face is similar. It's weird that sensitive apps like bank apps and wallets allow biometric verification as a security option. Unfortunately many people think that no one can unlock their smartphone if they use fingerprint or face recognition, but this is far from the truth. As I already wrote, it is a very fast way to unlock the device and does not require remembering passwords and PINs, so as such it is very well accepted given today's fast-paced lifestyle. Face ai and fingerprints are easiest security measures to bypass, if you ever get kidnapped or smth, it takes no effort for the criminal to break it. |
|
|
|
Used Coinomi in the past for some altcoin storage and never had any issues with them personally, probably they have bugs but, Do they really have vulnerabilities?
Coinomi had a really severe vulnerability where they sent the mnemonic code to the google server to check the spelling of the words. While mistakes can happen, the developer claimed that this isn't as sever since google employees stealing funds would be unlikely. They completely ignored any other attack surface coming from that vulnerability. The really important thing is not that the vulnerability existed, but the missing competence from the developer to acknowledge it. There are better wallets with more competent developers available. Thanks for the clear explanation, I didn't know that this vulnerability existed with Coinomi but luckily I am not affected by it. Still have that wallet but I don't think any considerable amount left in there. Still the vulnerability exists with it or they resolved it? Only desktop version was affected and from their response article the vulnerability was in the plugin they used and not in wallet code itself. You can read more here if you like: https://medium.com/coinomi/official-statement-on-spell-check-findings-547ca348676b |
|
|
|
Not only this. The good news is transaction fee on ETH network has been low in the last 2 weeks and today. There is problem with gas limit but it is good to see fee in Gwei began to fall back to normal area.
Gas limit is the maximum gas that can be spent for a transaction. Since all gas allocated to a transaction isn't necessarily spent, transaction fee doesn't actually depend on gas limit. Transaction fee depends on used gas not gas limit. It does sort of, it gives you estimation of maximum fees you pay for that particular transaction. I saw many cases where people paid more in fees than their actual transaction value. |
|
|
|
|
There are bunch of such sites and many come every single day I doubt these threads help with anything. Get legit website link, bookmark it and use it from then on.
|
|
|
|
I don't understand, are you talking about lost gas fees due to swapping tokens or is it about you swap to the scam token?
Both, he gave warning for wasting ethereum for transaction fees and for exchanging fake tokens you will also lost ethereum for fees. I heard one big mistake of person sending 120$ worth of eth in unisswap accidentally use high fees for one transaction These are the things you should avoid a simple mistake but lose a lot of money right away after sending it. This is the article for that news https://cointelegraph.com/news/i-destroyed-my-life-uniswap-trader-spends-9-500-in-fees-on-120-transaction . Can the fee be adjusted or is it automatic when I want to change it? I see that there are some scammers who take advantage of exchanges like this Uniswap on the pretext of warnings and tokens cannot be exchanged while the gas is gone and I want this to have happened to some people who experience it. Still, I will know when I want to change at Uniswap and this will not be possible if we are careful and see the cost of the gas needed, therefore we all understand this mistake and most importantly there are both mistakes from ourselves or scamer who try to trick us. I'm not sure about desktop wallets/extensions but I have used several mobile wallets (kyberswap/coinomi/trust/) and all of them allow you to use customized fees and also show how much $ in gas you are gonna spend. |
|
|
|
|
Show Posts
