It just doesn't make sense to me. Samsung's website clearly states that: "If you have a Samsung account set up on your device, you can unlock your device remotely on the Find My Mobile web page, using another mobile device or your PC." Of course this is 100% completely false if you have Secure Startup enabled and you simply power down and then power up your phone.
Once you are presented with the Secure Startup password prompt following a power on, the WiFi and LTE radios on the phone have not yet been enabled so you absolutely cannot "unlock your device remotely on the Find My Mobile web page, using another mobile device or your PC." despite what Samsung clearly states. If you don't remember your pw, your only option is to keep trying in vain until you run out of attempts and then your phone will factory reset.
This is an obscene/unacceptable behaviour in my opinion. Before anyone tries to school me about encryption or why Secure Startup was introduced, don't bother - I understand, I just don't agree. In its current implementation it is like telling all drivers: if you are a dummy and lose you car keys an interlock will prevent your car from being restarted - but don't worry you can always call OnStar, provide your password and have it unlocked and restarted remotely - OH wait, but only if your car is already running and your radio is turned on?? What is the point of a back up pw then?
Simply disable the Secure startup? You need to enter a pin/password anyway after start up since you can't use fingerprints. Secure startup means that your device won't fully turn on until you enter the password so if you enable that you have to consider all the things that it could affect.
But my question is not about using or not using Secure Startup, I know how that works and I understand the implications. My rant above is about password recovery. In a Secure Startup scenario if someone forgets their password on power up then their only option left is to completely reset their phone! For users that keep their phone charged at all times, they may have grown accustomed to only using their fingerprint and rarely require the Secure Startup password making it that much more likely to be forgotten.
Samsung clearly states that if you have a Samsung account set up you can unlock your device remotely using their Find My Mobile web page, but this is completely untrue in a Secure Startup scenario. So is Samsung wrong or am I?
I can think of several ways that Secure Startup could be improved to provide a much better user experience in the scenario where a user requires password recovery. Isn't that the goal here? Not just disabling it lol.
I found ways to bypass Secure Startup and get access to the phone.
Method 1: Enter the wrong PIN/password/pattern 8 times, restart the phone, then 8 more times, restart the phone, then the last 10 times to reset the phone.
Method 2: Reset the phone using the buttons.
1. Power off the phone.
2. Press and hold volume up and power button until the screen turns on, then let go of the buttons.
3. When the "No command" screen appears, press and hold the power button and the volume up buttons to go into recovery mode.
4. Use the volume down button to scroll to "Wipe data/factory reset" then press the power button.
5. Scroll to "Yes" to wipe all data and factory reset the phone.
6. After the process is done, press the power button one more time to restart the phone.
