Question about the encryption and password

[Phoner6]

When you start the phone and have to put the passcode to decrypt it, you can then use it. I don't get why we then must have a password on it for when the phone times out? I'm pretty sure when the screen goes off and when you press the power button, when it asks for your password it is not even encrypted anymore or else we wouldn't be able to see our wallpaper and notifications. So what is the point in this? Why can't we only have the password for the encryption on bootup and have a simple touchscreen unlock for unlocking it.

 

[foxbat121]

Are you using your phone to access corporate exchange email account? If so, that's an exchange policy to prevent your phone leaking sensitive internal communications if you accidentally lost your phone. Typically it will wipe your phone clean if you can't key in the correct unlock passcode/password 10 times.

Otherwise, Not sure what you are talking about. The phone is not encrypted by default. Your boot up passcode is the same passcode you set (or didn't set) for unlock the phone. It is there to help protect your personal information in case you lost it or your significant other get hold of your phone.

 

[jj14x]

It makes sense, doesn't it? You encrypt your phone to keep it secure (in case it falls in wrong hands). Most of the time, your phone will be in standby mode (not powered down). So, if you lose your phone when it is in standby mode, wouldn't you want your phone to be secured with a password? If not, whoever stole your phone could easily get into your phone, and get whatever they want.

 

[Phoner6]

It makes sense, doesn't it? You encrypt your phone to keep it secure (in case it falls in wrong hands). Most of the time, your phone will be in standby mode (not powered down). So, if you lose your phone when it is in standby mode, wouldn't you want your phone to be secured with a password? If not, whoever stole your phone could easily get into your phone, and get whatever they want.

Well I'm a big boy, if the phone isn't encrypted in standby mode then I don't see the point in having to key in a password each time. If it encrypted itself each standby time I'd probably allow that, but it only encrypts itself when it's turned off so I don't see the point. I have a secure password to stop it easily being cracked and it's a pain in the behind to key it in each standby when the phone isn't even encrypted at the time.

No foxbat this is my personal phone even.

My point is this:

I activated encryption on the phone. I used the password option, but since then I now also need to enter the password each time to get it out of standby, when it isn't even encrypted. It's in an decrypted state so I don't see the point in having the password mandatory then, and not even letting me decide.

 

[foxbat121]

I see what's going on.

The phone encryption is only used to encrypt stuff stored on the storage. They are never unencrypted on the storage. But when you need load apps or data from the storage, a password is needed to unencrypt them when load from storage into the memory. The password on unlock the phone is probably a good practice since those who really need to encrypt the phone probably need this policy as well. Not necessary but it is a good practice.

Now, I personally never will use this phone encryption feature. Why? The way I see it, it is only necessary for the type of person who needs their data protected so tight that even if someone or government get hold of your phone and tries to read the data off the flash memory chip directly, it won't work as it is encrypted on storage. Average joe does not have the equipment or means to do so. So, for personal uses, a PIN code is more than enough.

 

[jj14x]

Well I'm a big boy, if the phone isn't encrypted in standby mode then I don't see the point in having to key in a password each time. If it encrypted itself each standby time I'd probably allow that, but it only encrypts itself when it's turned off so I don't see the point. I have a secure password to stop it easily being cracked and it's a pain in the behind to key it in each standby when the phone isn't even encrypted at the time.

No foxbat this is my personal phone even.

My point is this:

I activated encryption on the phone. I used the password option, but since then I now also need to enter the password each time to get it out of standby, when it isn't even encrypted. It's in an decrypted state so I don't see the point in having the password mandatory then, and not even letting me decide.

Are you under the impression that your encrypted phone isn't encrypted in standby mode (and is only encrypted in powered-down mode)?

 

[Phoner6]

When I first turn the phone on a grey screen comes up and I have to put in the password. Then it boots up my phone and I get the lockscreen and have to put the password in to unlock so I can use stuff. When it goes out of standby it doesn't go to the grey screen, it goes to the lockscreen where I have to put in the password.

I get the impression it's only encrypted when I shut it down and before I put the password in on the grey screen. If the device was encrypted during standby why does it take me to the lockscreen rather than grey screen. Also when I first turn it on why do I have to input password at a grey screen, and then again at the lockscreen?

 

[foxbat121]

Stuff in the flash storage chip is encrypted and remain encrypted. Stuff loaded in the memory is unencrypted. Whenever you load anything from storage into memory, the phone will need your password to unencrypt into the memory. The first grey screen at boot up is the real requirement. After that, the phone caches your password in memory for future decryption use. The lock screen is a separate and unrelated feature. It seems that whenever you encrypt the phone, it also enabled lock screen password requirement.

It kind of makes sense. Remember files store in the storage remains encrypted. Most of them are not loaded into the memory at all. And since phone caches your first password for decryption, if it didn't require a lock screen password, and someone else get a hold of your phone, they can then process to read/unencrypt all the files in the storage without any problem. That defeats the purpose of encryption in the first place.

 

[Phoner6]

Stuff in the flash storage chip is encrypted and remain encrypted. Stuff loaded in the memory is unencrypted. Whenever you load anything from storage into memory, the phone will need your password to unencrypt into the memory. The first grey screen at boot up is the real requirement. After that, the phone caches your password in memory for future decryption use. The lock screen is a separate and unrelated feature. It seems that whenever you encrypt the phone, it also enabled lock screen password requirement.

It kind of makes sense. Remember files store in the storage remains encrypted. Most of them are not loaded into the memory at all. And since phone caches your first password for decryption, if it didn't require a lock screen password, and someone else get a hold of your phone, they can then process to read/unencrypt all the files in the storage without any problem. That defeats the purpose of encryption in the first place.

This explains it all, thanks.