This app was mentioned in 26 comments, with an average of 2.00 upvotes
Encryption and strong passwords go hand in hand (none of that 4x4 pattern or short pin code bullshit). You can use something like this and change your decryption password independent of your unlock password (you will still need decryption password once at boot).
The other thing I recommend is (at least for my N4 it used to work pretty solid) to get root, then relock bootloader and flash back stock recovery. This breaks your automatic updates on any ROM, but when a new version is available, you can always flash TWRP from within the ROM, then do your updates and reflash stock recovery.
The downside for this is that now you have root... (beware how you use your phone).
If you want a separate password for your full disk encryption, you'll need a third party app. I've recently used "Cryptfs Password" from F-Droid to do this (it's on Google Play Store too).
Android supports full disk encryption (there are lots of guides online). Everyone should use it, if only to keep your personal data safe in case of theft/lost phone.
One thing to be careful about is that by default Android sets the filesystem (fs) encryption password to be the same as your lock screen password. This is idiotic for a lot of reasons (your lock screen password is usually short because you have to enter it so often, while you want your fs password to be long and brute force resistant). The app Cryptfs Password will let you change the fs encryption password so it isn't the same as your lock screen password.
I used Cryptfs Password previously. Android was using plain LUKS encryption, so some basic Linux encryption knowledge let you change the keys (or this app did it for you).
However, that seemed to stop working with Android 5. I believe Android is now storing the keys in some sort of hardware store. I haven't done enough investigation to look at it yet. :(
My Nexus 6 with stock Android reports that it is encrypted. However, it also doesn't prompt me to decrypt it at boot. So...
Enable full disk encryption (fde). Use cryptfs app to allow the use of separate passwords for fde and lockscreen. Set a strong fde password. When your phone is powered off, it should be pretty secure.
Try installing and using Cryptfs:
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager&hl=en
It will let you change the device encryption password to be different from your pin, which will allow you to have a much stronger password on encryption, while retaining the convenience of having a short PIN for standard device unlocks.
I think this solved the problem for me, one week ago. Give it a shot and let us know.
Related thread:
I've seen this happen twice before when flashing. There is a bug somewhere that wipes your encryption to blank. Scary, I know! Just set it again, or use CryptFS to set a boot passphrase.
Also note, don't use the newest version of TWRP!
Titanium Backup
Cryptfs Password - allows a separate device encryption passphrase to be set while still using a PIN to unlock after boot.
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
or
CopperheadOS - Support for a separate encryption password section
> It's a shame that Android doesn't let you use 2 different passwords: one for FDE and booting up, another one for the lock-screen.
An absolute shame that is not a built in feature, but would not calling 'cryptfs changepw' fix that? This app more or less does that.
> If anyone knows how I can force my nexus 6 to require a password to boot (one that is separate from my screen lock), that would be really interesting to hear about.
There's actually an application called Cryptfs Password (F-Droid link) that does just that -- allows you to change the encryption password so it's separate from your lockscreen.
Note: use at your own risk, and only use on a device you feel comfortable wiping if you have to, as I've had so-so results with that app. (Used it on CyanogenMod 12 in the past and it forced me to have to reset the phone, but that may have been my own fault.) I have not tried it with Android M.
As for #3, I know the iPhone has an "after X failed unlock attempts, your phone will be wiped." And I know you can set up something like that via Tasker (maybe), but do you know if there's any other way of handling something like that in Android?
There actually is an app that can handle this as well -- Cryptfs Password (also available via F-Droid)
Proceed at your own risk, however. Last time I tried doing this I actually ended up messing up the encryption and having to re-format my phone. So make sure you have backups of data before attempting.
EDIT: Additionally, in the time since I posted this, I've learned that the encryption is actually much more secure than a 4-digit PIN would imply. The PIN only encrypts the actual key -- the phone itself has protections against brute forcing it on the device, and removing the internal storage from the device requires the attacker to try to brute force the (much longer) actual encryption key, not the PIN.
Since the PIN is only used to prevent online attacks, and the actual encryption key (that you don't know and can't give away) is for offline attacks, and since most attacks that you'd want to protect against will be offline, this is actually probably a much more secure option than many desktop FDE options.
I take it you haven't seen this yet. Doesn't require root, and allows you to set separate passwords for unlocking to power on and unlocking your screen.
Use CryptFS.
I understand you can set a different password than your lock screen unlock pin:
> One slight issue with the disk encryption is that by default, the encryption key is the same as the unlock PIN or password. Usually, the unlock PIN or password is pretty short, since it is entered several times during the day.
> There are programs in the Google Play Store that separate the disk encryption password from the unlock PIN or password. An example is the CryptFS Password Manager. I highly recommend using that or similar tools (or the command line) to use a strong password for the full-disk encryption.
> Source: feise.com
Note that Cryptfs Password is also available on F-Droid and the developer has more information about this topic on their website.
That's why you use cryptfs password to set a good brute force resistant encryption password.
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager&hl=en
yeah... rereading my post it seems like I'm advocating for locked bootloaders which makes me sad cause I'm actually personally very pro-unlocked bootloaders...
The silver lining here I suppose is that on phones like the Nexus, unlocking the bootloader requires that you wipe all data first. I guess that's part of the risk that is being taken when you want that deeper level control.
However, if the password is strong enough it shouldn't be a problem. I've used this app on Kitkat and earlier to set a different encryption (boot) password than lock screen password. This way the first boot had a more difficult password, but unlocking the screen while on used a shorter pin.
Looking into this more, it looks like Android M does make it harder to brute-force through some sorcery.
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager&hl=en
As for the unlock part, no idea there.
Direct link to the app mentioned if anyone wants it: https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
Found an app that does this for you.
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager&hl=en
Found the app that does just that!
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager&hl=en
That article has a link to cryptfs to do that. It's worked well for me running stock rooted lollipop.
The only thing I can think of is root and use this app, which does exactly what you want.