1

If your tablet got stolen, how probable is it, that the thief will retrieve data from your device if you have only the lock-screen with a 4-character password as protection?

Is it easy for a hacker to get past that? Or can I lean back and be sure, that stored passwords in Firefox etc. cannot be retrieved?

rubo77
  • 747
  • 2
  • 11
  • 32

1 Answers1

1

I wanted to know, so I tried entering my password incorrectly repeatedly. (Motorola Droid 3 - Android 2.3.4)

After 5, 10, and 15 attempts I was given a 30 second "cool down" where I could not try again.

On the 15th attempt I was informed that if I entered my password incorrectly 5 more times I would be forced to re-sign in with my Google Account.

So after 20 failed attempts, you can no longer try to enter a password - you must sign in with your Google Credentials.

I would say you are reasonably secure from a brute-force password log in at the password screen.

This does not take into account any other methods - just attempting to brute force.

This answer may address methods that could be used to bypass the lock screen.

To specifically address your concern about Firefox for Android's stored passwords - you can disable Firefox Sync on a lost tablet (Mozilla's Instructions) by changing your sync password. Mozilla also suggests changing all of your passwords after it.

Community
  • 1
Dylan Yaga
  • 2,367
  • 16
  • 18
  • So it seems, there are some phones out with vulnerabilities to some hacks. But I couldn't find out, if my Galaxy Tab v10.1 GT-7500? – rubo77 Jun 10 '13 at 17:21
  • A lot of the bypass methods require your device to be rooted, or have USB debugging enabled - or to have access to your Google Account. If you weren't rooted, or had USB debugging enabled you can be reasonably assured of your security. The other exploits involve receiving a phone call. – Dylan Yaga Jun 10 '13 at 17:36
  • I had a phone card in there, but it only works for SMS; And it was not rooted.; The Mozilla suggestion only disables future passwords to be transferred to the stolen device. Passwords already in there are not deleted, if you change the sync password. So my main concern is that the thief gets access to my passwords already stored in Firefox – rubo77 Jun 10 '13 at 17:55
  • That is why Mozilla suggests to change all of your passwords after changing the master sync password. The passwords present become outdated and useless. – Dylan Yaga Jun 10 '13 at 18:42
  • 1
    I couldn't change them all. I have about 500 passwords in my password manager! Not so many important ones though, but still: they should not be revealed to the thief. But that's all off-topic. The thing is: I still wonder if it will be possible for the thief to see them or not. – rubo77 Jun 10 '13 at 23:24