I was fucked, do not repeat same mistakes as me

[libert19]

2 days ago I got a new phone, played with it for a while, picked up my old phone and my memory went blank on what pattern I used.

I didn't realize how deep the problem was until I tried to login in Google account on new phone.

It asked for 2fa, I had aegis authenticator backed, secret key and backup codes, all on 3 separate locations , i.e, Google drive, box cloud storage, or android file manager itself.

Of course, I can't access Google drive without Google, I can't use android file manager as device is locked up. Now remains, Box cloud storage.

I signed up on Box with by protonmail account, and the passwords were in LastPass, and I had enabled 2fa on LastPass, it needed new device confirmation on my main email anyway, so I was fucked either way.

You get the gist, I had several backups BUT everything on locked device or at the locations which went through Google email.

I know now this sounds utterly stupid right now but in hindsight I thought I was secure.


I was on verge of getting my digital identity plus my financials wiped out.

Trying to break pattern lock

I tried several ways to break the pattern but all of them included data reset, there was one way to break it but it needed root (which I didn't do beforehand because security!) . I thought I should data reset and then do a data recovery, I just might get the files I needed but without Google account I wouldn't be able to get in at all.

Google customer support

I sent them recovery email, they said wait for 3-5 days for response. I didn't have much hope there, to be honest.

I was so privacy conscious and it bit me in the ass

- I had disabled android device manager, because I don't like turning on location and Google spying on me.

-  I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either.

What not to do

- Don't confuse muscle memory with repeated tries.
I had set up that pattern 4-5 months ago, and after a while it just becomes your muscle memory. I remember unlocking my phone without even looking at screen. Point is, if you forget the pattern, don't panic, it will just make the problem worse since time out increases with every wrong unlock attempt and you will confuse yourself.

After few repeated failed attempts, just take a nap and try with fresh mind, you just might get lucky and save yourself from lots of hassle.

You could also try to recognize pattern on your screen with how forensics identity fingerprints.

- Choose pin over pattern
There are infinite combinations of pattern, you just don't realize it until you forget or have backup lock (pattern + fingerprint), (pattern + pin), etc.

- Don't save everything in digital medium, have paper backups.

Happy ending

Remember the saying, sleep on problem? It really works.
I remembered (although not completely sure yet) I made backup of my passwordsafe (offline password manager) database (which had my Google 2fa key) to my pc (I had copied it sep 2018) but now my cpu was not working.

So took it to electronics guy, one said motherboard is done and we don't have same motherboard that we can put your hard disk in and let you copy the data.

So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story?

Anyway, I got the copy of the file. Not a sigh of relief yet, because files can go corrupt, thankfully it wasn't corrupted. Now, finally a sigh of relief and a heartly thanks to the friend who was with me all the time. I have a stuttering problem so it really helps when someone is with you who can communicate better.

Fun fact: There was lightning strike during last monsoon near the place where I put the cpu cabinet, if it actually hit the cpu that time and destroyed it I wouldn't be writing this here today since this bitcointalk account would have been one of many things that I would have lost.

[jackg]

Is there not android cracking software now? Ive heard there's an apple one that's paid for for the latest version but open source for previous releases once they become older...

You could probably have also taken the phone to a computer hardware shop or smashed it up yourself to pull out the chip (although you'd have to be careful not to smash the chip). And providing your phone wasn't encrypted with the pattern they could've got the data.

Still sounds like a very near miss though, especially if you hadn't thought or wanted to get the phone analysed...

[libert19]

And providing your phone wasn't encrypted with the pattern they could've got the data.

It was actually encrypted (one you enable in settings, most new phones come with it enabled by default).

[Findingnemo]

Did you try to recover your google account with text message option?

It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.
Or else waiting for the help it the only way as you said it may take upto 5 days but still you can recover it.

[libert19]

Did you try to recover your google account with text message option?

It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.

I mentioned that in op already.

Or else waiting for the help it the only way as you said it may take upto 5 days but still you can recover it.

Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use.

[akirasendo17]

it's very bad news, at the same time you should have multiple backups which mean in your pc, a safe cloud backup, and if you want you can write it down in a notebook, this happens to me and save my day, and a very important thing backup your phone, and make sure that your new phone can be imported to a new phone, is your authenticator connected with an exchange?

[libert19]

it's very bad news, at the same time you should have multiple backups which mean in your pc, a safe cloud backup, and if you want you can write it down in a notebook, this happens to me and save my day, and a very important thing backup your phone, and make sure that your new phone can be imported to a new phone.

Yes, now I'm more careful, my mistake was to not have paper backup.

is your authenticator connected with an exchange?

Yes I have 2fa enabled on several exchanges, if that's what you mean?

[NeuroticFish]

- Don't save everything in digital medium, have paper backups.

You managed to scare me     Although I am quite a fan of safekeeping all that's possible also on paper, just in case, I do have important things not on paper (laziness? convenience?); but I guess that I'll change that.
All in all a good advice.
And I'm glad that everything has ended well on your side.


PS. I've discovered in the last year that PIN + fingerprint beats pattern by far.

[TGD]

Too much cloud security backfire in your story. Reading your story really gives me a headache, I mean your are in loop security for all your account and you will be in trouble in case one them is not functional because your password recovery is connected to other cloud account. This thread makes me think to check again all my backup that store on my Google drive if they are safe. LOL

Point noted on your case. Thanks for the early warning.


I believe you will solve it fast if you root your phone and used an app to remove/reset finger print pattern. Just unroot your phone and reset it once you access your Google. It will save you a lot of time and hassle.

[SquirrelJulietGarden]

You said you stored your info on Google Drive, Dropbox and you will be fucked again. I hope you won't but you could clear all files on Google Drive, Dropbox if they are backup of your passwords, 2FA.

[Stalker22]

Damn it, when I read this I decided to print out all my passwords from the LastPasss manager and keep them on paper in a locked drawer. So much for the new digital age and cloud storage! LOL!

[robelneo]

Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use.

I successfully recover two of my gmail account using the verification method it really takes 3 to 7 day, the trick is to remember the last password you had, and the year you created the account, to get a good chance include the exact date, that is why whenever I create a new account, the first thing that I do is to send email on one of my other email, with all the information related to the email I just created.
You must think ahead, and always think of the worst case scenario.

[waiberz]

I also experience like this before. All of my personal details are wiped out. And the 2fa authy recory was lost I was thought that I saved it on my google spreadsheet. So I cant acess my account in exchange, they ask me to send details just like doing kyc procedure again.

What I learned is always write down your pk, 2fa recovery and put it in a safe place. As long as you still have an acess to your gmail or any cloud storage where you saved it. Please do have a double backup.

[FIFA worldcup]

Damn it, when I read this I decided to print out all my passwords from the LastPasss manager and keep them on paper in a locked drawer. So much for the new digital age and cloud storage! LOL!

If you have only access to that locked drawer, then its ok but if anyone else in your family (siblings / wife ) can access that drawer key, then you money and accounts are still not safe.
Yes, we should think of the worst possible scenario and should have a backup plan for every situation.

[libert19]

PS. I've discovered in the last year that PIN + fingerprint beats pattern by far.

Yes, now I'm done with patterns 

I would try use open-source script/software to unlock the smartphone if it has old version of Android which have vulnerability against physical attack, but good thing you managed to make a copy of your data.

It had android 9 and yes that backup saved my ass.

What I learned is always write down your pk, 2fa recovery and put it in a safe place. As long as you still have an acess to your gmail or any cloud storage where you saved it. Please do have a double backup.

Yep, Paper backups are underrated.

Yes, but it had less chances, I came across many posts in Google forum where people lost their account permanently because Google couldn't verify them with whatever measures they use.

I successfully recover two of my gmail account using the verification method it really takes 3 to 7 day, the trick is to remember the last password you had, and the year you created the account, to get a good chance include the exact date, that is why whenever I create a new account, the first thing that I do is to send email on one of my other email, with all the information related to the email I just created.
You must think ahead, and always think of the worst case scenario.

That's helpful, thank you!

Damn it, when I read this I decided to print out all my passwords from the LastPasss manager and keep them on paper in a locked drawer. So much for the new digital age and cloud storage! LOL!

Haha, well done!

You said you stored your info on Google Drive, Dropbox and you will be fucked again. I hope you won't but you could clear all files on Google Drive, Dropbox if they are backup of your passwords, 2FA.

It's box, not drop box, android cloud storage service and yes I have paper backup now.

Too much cloud security backfire in your story. Your are in loop security for all your account and you will be in trouble in case one them is not functional because your password recovery is connected to other cloud account.

Exactly, I can't believe how flawed my 'security' was.

I believe you will solve it fast if you root your phone and used an app to remove/reset finger print pattern. Just unroot your phone and reset it once you access your Google. It will save you a lot of time and hassle.

Idk, to root device you need to enable USB debugging and when you got your phone screen locked you can't do that.

[Findingnemo]

Did you try to recover your google account with text message option?

It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.

I mentioned that in op already.

Really? Or I am missing to read that part again?

Please highlight or bold those part which you mentioned in OP about recovering through text message codes which will send to our mobile number.

[libert19]

Did you try to recover your google account with text message option?

It is possible only if you verified/added your mobile number to your google account, this looks simple way but it only work when you have the mobile number added.

I mentioned that in op already.

Really? Or I am missing to read that part again?

Please highlight or bold those part which you mentioned in OP about recovering through text message codes which will send to our mobile number.

"I had disabled recovery phone number to make myself safe from sim swapping attacks and no recovery email either."

[sujonali1819]

So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story?

Really? Curious to know which method the man used?

Btw what you did I also did the same before so that I can find all things on my phone. But did not face any problem like this, fortunately. Now what I think it's better always keep the keys in the paper, and yes always there are in two places. So that if you lost one in anyway you can use the other one.

[libert19]

So took it to another shop, he repaired it in a minute and didn't take any charge either. Guess it was really a minor problem. Remember the repair man story?

Really? Curious to know which method the man used?

Btw what you did I also did the same before so that I can find all things on my phone. But did not face any problem like this, fortunately. Now what I think it's better always keep the keys in the paper, and yes always there are in two places. So that if you lost one in anyway you can use the other one.

I have no idea what he did.

Had I not forgot the pattern, there would have been no problem. I have changed phones multiple times, this time problem arose only cause I forgot the lock.

[lovesmayfamilis]

PS. I've discovered in the last year that PIN + fingerprint beats pattern by far.

I don't trust patterns either. And more I stick to the entrance to the phone by fingerprint. Today's versions of android make a good reminder every few days, which asks for a PIN code. This is a good help since, in fact, the hands remember the same movements, and passwords can just fly out of your head.
But I have a different question. Have you entrusted all your confidential information on your phone? Well, suppose it is encrypted by you and is blocked at a dangerous moment. What about the banal loss of your phone? Can't you expect this?
Why don't you use ordinary flash drives, and encrypt all the information there, and let it be not one, but several of them?
I'm not being clever in any way, I just went through the whole story with the loss of the phone, on which a lot of information was saved. Since then, I've tried not to trust phones.