Hi,
I have just installed goodmail top get my work email (as the corporate for some reason is supporting this). I find it very annoying that every 10 minutes it locks itself and forces me to enter a password. So if I need to make a phone call, I have to enter this password to unlock it.
The current preferences in goodmail only allows me to select the timeout interval to be 1, 5 or 10 minutes only.
Is it possible to turn off this locking, or allow the interval to be changed to 99 minutes - by registry hack or something?
Many thanks.
this is controlled by your company at the GOOD Server. Like Blackberry, GOOD has built in a way to apply policies to the handheld. It's a good thing from a corporate IT security perspective, but a bad thing for the, sometimes, over-restricted end-user.
thanks, I suppose from the response that there is no way to get over it. It is very annoying especially when I am forced to set a 6 digit password.
I only need to use a 4 character password and get 30 minutes before the device locks.
When i try and change the keyboard lock interval, I get only three choices - 1, 5 and 10 minutes. I looked at the registry and that has value = 3.
When I set/change the password, I get a message that it must be atleast 6 characters.
I believe this must be the policy set up by the company - I will chase the administrators and find out.
Thanks and regards,
Satinder
spahwa said:
Hi,
I have just installed goodmail top get my work email (as the corporate for some reason is supporting this). I find it very annoying that every 10 minutes it locks itself and forces me to enter a password. So if I need to make a phone call, I have to enter this password to unlock it.
The current preferences in goodmail only allows me to select the timeout interval to be 1, 5 or 10 minutes only.
Is it possible to turn off this locking, or allow the interval to be changed to 99 minutes - by registry hack or something?
Many thanks.
Click to expand...
Click to collapse
Are you sure you can't use your phone without unlocking? I have goodmail and it lets me place and receive calls without unlocking. It tries (and partially succeeds) at blocking me from viewing my contacts, but I can still make calls.
Hi guys, my little one was playing with phone and has locked my phone after doing the pattern unlock. Dont know how many times she has done it.
It is now saying unlock using email address.
I have done the following:
If you have forgotten the screen unlock pattern, you have up to five attempts to try and unlock your phone. If this fails, you can unlock your phone by entering your Google Account user name and password.
1. On the unlock screen, attempt to enter your unlock pattern five times.
2. When prompted to wait for 30 seconds, tap OK.
3. If the display goes off, press the POWER button to turn the display back on, and then press the bar on the lock screen and slide your finger down to unlock the screen.
4. Tap the Forgot Pattern button in the lower right corner when it appears.
5. Enter your Google Account name and password, and then tap Sign in.
When i do this it just says invalid username and password, just does not let me go past that screen i can still receive calls which is good for now.
I have tried turning phone off still same thing.
I dont know wat to do now to gain access to my phone. Only had it 2 days.
I have been online to make sure my email address and passwrod are correct and the gmail address is correct. Could it be a different address, as the only other address i use aint working either.
My internet connection is disabled too, am i totally fecked or can someone please advise best way. MANAGED TO GET INTERNET CONNECTED using hold power button still no good.
Thanks and fast reply would help majorly.
Nad
Re: **major screw up help pls**
when you have the login with Google account screen, put your Google mail address in as normally and for the password type "null"
excluding ""
give that a go. it will mean you won't need to reset your phone.
You can hard reset the phone (starts the phone like new - will delete all user prefs and apps contacts etc) and will return it to the state it is in when it's new
Turn the phone off
Hold down VolDown and turn the phone on by pressing the Power Button (keep holding VolDown)
Follow the onscreen instructions to wipe your phone
Ramedge said:
when you have the login with Google account screen, put your Google mail address in as normally and for the password type "null"
excluding ""
give that a go. it will mean you won't need to reset your phone.
Click to expand...
Click to collapse
Same thing still nothing,
Trying to avoid hard reset just got it set right. Anything else i can try b4 i go down that route.
Thanks
Right sussed it, how stuuuuuupid is this, its your username excluding the @gmail.com
So for future if anyone else has this problem, please insert address prior to @ sign and ur password, how strange for them to set it like this, all the time i was entering full email address.
DOH thanks fro the rapid responses by the way fellas.
Nad
N4D5 said:
Right sussed it, how stuuuuuupid is this, its your username excluding the @gmail.com
So for future if anyone else has this problem, please insert address prior to @ sign and ur password, how strange for them to set it like this, all the time i was entering full email address.
DOH thanks fro the rapid responses by the way fellas.
Nad
Click to expand...
Click to collapse
The only time I know of when you have to use @ in a Google login is if you are using a Google apps account with your own domain, otherwise it is always just your username.
Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possible a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other person information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Click to expand...
Click to collapse
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Where as the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.
mmarz said:
Something is logging my internet traffic or my keyboard inputs.
Click to expand...
Click to collapse
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
Click to expand...
Click to collapse
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Click to expand...
Click to collapse
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Click to expand...
Click to collapse
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
Click to expand...
Click to collapse
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.
Well, that completely defeats the purpose of 2-part authentication. Oh well.
I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.
Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you handout to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you taking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
ummkiper said:
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Click to expand...
Click to collapse
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Click to expand...
Click to collapse
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
ummkiper said:
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
Click to expand...
Click to collapse
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phone where they detail the information. I was looking for the 1192 nv item and it should start wit the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are and from just locking for 0A you get tons of hits.
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Click to expand...
Click to collapse
yeah the dump should have all nv items.the hard part is figuring which ones are which.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
well the mnha and mn aa are paswords needed to get your data working when you want to use a different phone ie the Samsung Epic on virgin mobile.you can clone all info from the optimus v to the epic but with out those password data will not work.i may not be inclined to do this anymore since the motorola triumph is coming out.meaning i wont need to find a better phone and clone this one.
I've been having trouble with my campus wifi.. Instead of just entering a password, I have to enter my campus email and password. After x ammount of time of being inactive it disconnects me and I have to go through the process again...
Is there a way I can force my phone to remember the login info for it? I haven't found anything that would enable it just yet. :\
Does it open browser that you are required to log in with as if your using hotel wifi? If it does, then try Google Chrome
Yes it does. I use Chrome, but it never gives me the "Do you want to save this password?" when I have that option enabled. :\
ReapersDeath said:
Does it open browser that you are required to log in with as if your using hotel wifi? If it does, then try Google Chrome
Click to expand...
Click to collapse
You can try a password manager like Roboform or Lastpass.
I dont know if your campus has it, but UMD (University of Maryland) had two options, one PUBLIC where you had to enter your email (userid) and password, and another network was secure. What i did is connected to the secure, and simply entered my Userid (the one that school gave you, the one u use to sign in to the system to register for classes) and the password. worked great for me
I am trying to set up a Tasker action to happen when I scan an NFC tag. I installed "Local NFC Plugin", and set update a Tasker profile. Everything is working, except that when I scan my tag I always get a dialog popup that says "Choose an action", with the options "Activate NFC condition" and "New tag collected". If I click on "Activate", my Tasker profile works. If I click on "New tag..." I just get a screen showing me my tag, but not allowing me to do anything.
Is there any way to avoid the "Choose an action" screen? The defeats the whole purpose of scanning an NFC if I have to click on something to get it to work.
Any update to this?
writing to tag worked for me
klau1 said:
Any update to this?
Click to expand...
Click to collapse
just found that if your tags are empty/blank, try writing something to it. i used the default write action in ReTAG and it worked! Stopped asking for action when i tap it.
noisygecko said:
I am trying to set up a Tasker action to happen when I scan an NFC tag. I installed "Local NFC Plugin", and set update a Tasker profile. Everything is working, except that when I scan my tag I always get a dialog popup that says "Choose an action", with the options "Activate NFC condition" and "New tag collected". If I click on "Activate", my Tasker profile works. If I click on "New tag..." I just get a screen showing me my tag, but not allowing me to do anything.
Is there any way to avoid the "Choose an action" screen? The defeats the whole purpose of scanning an NFC if I have to click on something to get it to work.
Click to expand...
Click to collapse
There is a solution to this posted on the Locale NFC Plugin Google Play app page.
If you have conflicts with other NFC-applications such as the default Tags-app you can do the following:
If you have a Ice Cream Sandwich phone - System Settings->Apps->ALL->Tags->Disable
If you have a Gingerbread phone you will have to write a unique tag for this plugin. To do this follow this guide http://goo.gl/uZmYv
Click to expand...
Click to collapse
For most phones, you just go into your app manager and find the app called "Tags" and disable it. On kitkat the option is actually labeled "Turn Off". Once it's off the "choose an action" screen goes away.
xfive420 said:
There is a solution to this posted on the Locale NFC Plugin Google Play app page.
For most phones, you just go into your app manager and find the app called "Tags" and disable it. On kitkat the option is actually labeled "Turn Off". Once it's off the "choose an action" screen goes away.
Click to expand...
Click to collapse
Nailed it!
Thanks!!
This trick wasn't working to me. I'm using Galaxy S5 / CM13 (pretty new nightly build). At first, it asked me to choose between "new tag collected" or NFC tasker, but didn't give possibility to set "always" or "just once". So every time I chose NFC tasker and tags worked fine. Now I tried to disable tags from system apps and tags wont work at all. I also tried trick to write something on tag with ReTag and other apk, but there wasn't any help for me.
I try to build tag for car mode - enter task when reading tag for first (GPS on, open car-dash apk, setup volumes high) and then exit task when reading tag second time (kill car-dash apk, GPS off).
Any ideas?