beemdevelopment / Aegis

A free, secure and open source app for Android to manage your 2-step verification tokens.

Home Page: https://getaegis.app

Locked out of Aegis

JonatanWick opened this issue

Version

3.0.1

Source

Google Play

Vault encryption

Yes

Device

Samsung Galaxy S23 Ultra

Android version

Android 14

ROM

Not a custom ROM

Steps to reproduce

I removed the biometric unlock to use a regular password for the Aegis Authenticator to make it more secure. After I turned off biometric unlock, I clicked on change password; everything went fine, but when I tried to log in again, the password I had entered didn't work. I checked it many times before saving it to make sure I didn't make any spelling mistakes. I suspect the vault is still encrypted by the biometric unlock and not the saved password? I hope you can check this out because it could really ruin someone's life, and I would love any suggestions on how to unlock it.

What do you expect to happen?

The saved password to work (unlock vault).

What happens instead?

I am locked out of the vault and have no way to unlock it.

Log

No response

My suggestion to fix this:

  • I should have been asked to enter my password when I turn off the biometric unlock.
  • I should have been asked to enter my password before I changed it.
  • Make sure that the changed password is used for the encryption and not the biometric code when it is turned off.

@alexbakker @michaelschattgen
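A minimal model of the three suggestions above, as an added example that is not Aegis's code or vault format: a random master key is wrapped once per unlock method ("slot"), and both disabling the biometric slot and changing the password first require the current password. The `Vault` API, the slot layout and the XOR-plus-HMAC wrap (standing in for a real AEAD key wrap) are assumptions made for this illustration.

```python
import os
import hmac
import hashlib

# Constructed toy model: the master key encrypts the vault; each slot stores a
# copy of it wrapped under that slot's own key, so slots can be added/removed
# independently and the password change only has to re-wrap the master key.

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def _wrap(key: bytes, master: bytes):
    # XOR pad plus HMAC tag stands in for an AEAD key wrap (assumption, toy only).
    wrapped = bytes(a ^ b for a, b in zip(master, key))
    return wrapped, hmac.new(key, wrapped, "sha256").digest()

class Vault:
    def __init__(self, password: str):
        self.master = os.urandom(32)
        self.slots = {}  # slot name -> (salt, wrapped master key, tag)
        self._set_password_slot(password)

    def _set_password_slot(self, password: str):
        salt = os.urandom(16)
        wrapped, tag = _wrap(_kdf(password, salt), self.master)
        self.slots["password"] = (salt, wrapped, tag)

    def unlock(self, password: str) -> bool:
        # The tag only verifies if the candidate password derives the wrapping key.
        salt, wrapped, tag = self.slots["password"]
        expected = hmac.new(_kdf(password, salt), wrapped, "sha256").digest()
        return hmac.compare_digest(expected, tag)

    def enable_biometric(self, hw_key: bytes):
        wrapped, tag = _wrap(hw_key, self.master)
        self.slots["biometric"] = (b"", wrapped, tag)

    def disable_biometric(self, current_password: str):
        # Suggestion 1: prove knowledge of the password before removing a slot,
        # so the remaining slot is one the user can actually open.
        if not self.unlock(current_password):
            raise PermissionError("current password required")
        self.slots.pop("biometric", None)

    def change_password(self, current_password: str, new_password: str):
        # Suggestions 2 and 3: verify the current password, then re-wrap the
        # master key under the new one so the stored slot matches what was typed.
        if not self.unlock(current_password):
            raise PermissionError("current password required")
        self._set_password_slot(new_password)
```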

Are you sure that what you're describing is what actually happened? While I agree we probably should implement a way to ask the user for their password as soon as they want to disable biometric authentication, I find it hard to believe your vault suddenly is not unlockable anymore after changing passwords. Your suggestions to fix this issue also won't fix the issue you're describing, it only fixes the issue where people won't be locked out of their vault after disabling fingerprint.

In case I'm incorrect here; can you reproduce the issue you're describing?

I was concentrating when I did it so I think that's what happened, but of course it needs to be tested to be sure. I closed the application after disabling the biometric unlock and changing the password and then I couldn't log in with the changed password, I guess the new password was not saved or something else happened that I don't know because I'm not familiar with how the program works under the hood and I have very little programming knowledge. If I had been prompted for my password before I changed it, it might have prevented me from changing it in the first place, and if the password changes weren't saved, I might still be able to open it with my old password. My suggestions are just things I think should have been there in the first place to prevent anyone from making mistakes, someone with more knowledge of how it works is much better equipped to solve the problem.

Ah right, yeah that makes sense!

I guess the new password was not saved or something else happened

I think this is what happened. Your vault probably still has your old password saved. We unfortunately can't help you gain access to your vault but we will definitely implement asking for the password first before disabling fingerprint unlock.

Hope you're able to figure out your old password for the vault!

@michaelschattgen Please make it a priority and also check if there is a problem with changing password.

As of right now there are no known issues with changing passwords, and we are unable to reproduce this.

Somehow it wasn't saved for me but that is all I know.