Thursday, September 29, 2016

What to do if you're locked out of your phone after resetting it

While it's for our own good, Factory Reset Protection can trip you up when you reset your phone. These tips can help.

Getting stuck when trying to reset your phone seems to be a fairly common thing. The reasons for it are good — Google has methods in place to try and cut back on phone theft — but when it's your phone and your data, it can be frustrating if you can't use it. Here are a few pointers that can help if it happens to you, as well as what you can do to prevent it from happening.

Why do I need to know the old account information?

In recent versions of Android, once a phone has been tied to a Google account you need to use the same account and password to "unlock" it if you reset it. It's called FRP (Factory Reset Protection), and it's done to make stolen phones less valuable; if you steal my phone you can't unlock the screen to use it, and if you reset it you need my Google account information to set it up again. If you can't use my phone, you're less likely to steal it. Or if you've found a phone and can't use it you'll be more likely to turn it over to the police. Every company that makes phones with access to Google Play is using this feature and some also have their own version that can do the same thing through their accounts.

Even a great idea seems bad when it keeps you from using your phone.

The problem is that if you reset your own phone, or buy a used phone that still has FRP active you might need to know the account username and password that was last used on the phone to sync with Google's servers. Resetting the phone through the settings should remove the account before it erases the data, but it very often doesn't. Sometimes we forget those details, or if we bought a phone from someone else we might not be able to get them. While people are always looking for exploits to work around the FRP lock, once found they quickly get patched. (Though sometimes those patches take a while to work their way through manufacturers and carriers, so it's always worth a Google search.)

When this happens on your own account and you have access from another phone (or tablet or computer) first instinct is to have the password you forgot reset so you can move forward. But that only locks the phone setup completely for at least 24 hours because another security feature stops you from adding access to your Google account on the phone right after a password change or other "suspicious" activity. On phones running Lollipop, this might be 72 hours — Google changed it in May 2016 and some phones need a software update for it to take effect. Every time you try starts the 24-hour clock new, and we all would keep trying over and over out of frustration.

So what should I do?

There are three ways to get in. The first, using the Google account recovery tool, will only work if you took the time to set up a backup phone (and can swap your SIM card with another phone to get a text) or second email account. We'll go over how to do that in the next section, but if you already did it you can click this link to start the recovery process. Make sure your phone is charged and turned on, and make sure you have access to a phone using the recovery number or the recovery account email. If you're using two-factor authentication, you'll need a way to authorize your account. If that would usually be the phone you're trying to unlock, the recovery tool will walk you through the steps to disable 2FA or use a CAPTCHA code.

The next step is to reset your account password from another device, then wait 24 (or 72 — see above) hours before trying to set it up. You can leave the phone powered on or shut it off, just don't try to do anything with it while you're waiting or you may reset the countdown. Waiting a full day (or three) really sucks, but it's better than not having any access to your account and not being able to use your phone ever again.

If you bought used, you'll need to contact the original owner for some help.

The third option is for advanced users, and may not work on your particular model. You can try to wipe the phone's data and cache partitions through the device recovery. This used to work on some models, never worked on others, and even triggered a dialog asking for the same account details as setup does on others. But if you're into fiddling with things, this is pretty easy to try. The other thing to try is to reflash the operating system. Using whatever tools are needed on a computer (Fastboot, Odin, LG Flash Tool, etc.) and the correct factory image to completely erase the phone and start from scratch. This too isn't 100%. Rooted users can try ADB through recovery and then remove specific files from the settings database — search your particular model for more on this.

If none of these solutions work you can try filling out this form or calling 650-253-0000 to work through the Google Accounts customer service menu. You can also try checking with the company you bought the phone from, as they may have experience solving the issue.

If you aren't the original owner and don't have access to a way to recover the account, you'll need to contact whoever you bought it from.

Account recovery options

Save yourself some headache and set up your account recovery options. Visit your Google account settings page and run the "Security Checkup" you'll find in the left column. You can tell Google how to send you a token to get into your account if you're locked out and select recovery questions as part of the first step. We recommend you provide all the detail you can here. Just because the FRP "issue" hasn't hit you yet doesn't mean it never will.

With password managers and 2FA settings, the days of just remembering a simple account password are over for a lot of us. Don't think that you'll never be locked out of your own phone and your own account! Take a few minutes and make sure Google can help you get in if you need them to.