Safe to sell used Android-phone without doing factory reset

I’ve got an Android One-unit with Android 10. However it refuses to boot and I’ve decided to get rid of it and I think I get get some money by selling a broken phone online. However since it refuses to boot I can not perform a factory reset or similair procedures. Is is safe to sell it or can personal data get in the wrong hands?

Some information:

  • I have not changed the encryption settings, so I think it’s encrypted by default
  • I got two factor authentication turned on on my Google account and removed the device from my “trusted devices”
  • I have screen-lock turned on with pattern needed to unlock it.

Router infected; Factory reset not working

Recently, I was being redirected (occasionally, not every time) by “” (no information on google) to malicious webpages. I scanned my every thing using quick heal, but it didn’t find anything. I noticed this was happening with all the devices at home connected to the home router. Further, when I used mobile data there was no redirect. I figured out that my router must be infected. I factory-reset my router, but now I am being redirected by “” (a redirecting virus according to google) to malicious ads (on all devices connected to the home router, occasionally). What should I do? Is there something that I missed while factory-resetting my router? Can I clean this thing off my router or I have to buy a new one?

How does password reset work if 2FA is enabled?

(There is a highly related question, however I believe mine is not a duplicate, since it deals with resetting a password without access to the account, not changing it while being logged in.)

Say someone has gained access to my email that I used to register some accounts with. Assume also that these accounts all have some kind of 2FA, be it a 30-second code generated by an app, a U2F key – the type doesn’t matter for my question.

In my understanding, in order for the attacker to change the password of an account, there are two ways:

  • Log into the account and change the password in the internal settings, without using the associated email. Even if we leave our computer/phone unattended with an active session of the relevant account, therefore bypassing the need for the hacker to also guess the account password, the change is still impossible. This is because, as explained in the question linked above, this would require at least 2FA verification, possibly 2FA + the original account password.

  • On the log-in screen for the account, use the ‘reset password’ option to send a reset email to the email account that we assumed the hacker had access to. I am confused as to what happens then:

    1. is the 2FA needed to send the reset email in the first place? If not,
    2. is the attacker able to reset the password, but not to actually log in, since the 2FA is still in place? This essentially means that they can’t access the account, but nor can we.
    3. is the attacker able to reset the password and log into the account, since the 2FA somehow becomes void?

Of course, scenario 1) is the most desirable from the perspective of the legitimate user, 2) is significantly worse, 3) is tragic. But which one actually happens when someone tries to reset a password for an account with 2FA enabled?

Automatically reconfigure router when it is reset

Is it possible to automatically reconfigure a router when the router is reset?

My 13-year old son is resetting the router to bypass time controls (set to go off at midnight). I can configure the router to block access midnight to 5am when he should be asleep, but resetting the router bypasses this. The router can save a backup file (config.bin) and restore settings from the file, but this requires 1) being awake, 2) being aware in real time of when the router is reset 3) logging into the router and 4) restoring the settings.

Is there a way I can reasonably have a connected device (ideally my android phone or something in the router itself) log into the router and restore the settings when the router is reset? My computer isn’t generally on full time.

The router is a tplink router that has a web-based settings panel.
I’m technically literate, but by no means an expert.

To address the comments that are likely to arise about this being a parenting/ communication problem, I fully admit and accept this criticism, but he is 13 and constantly staying up until 2-4am is causing problems and he isn’t responding to discussions and other consequences. Thanks

Insufficient security vulnerability on password reset via email

We have a system where if you forgot your password and want to reset it, to go to the forgot password page and enter your email address. A temporary link will be sent to your email to reset your password.

Now, when we subjected our app to penetration testing. An issue was found:

“Application is giving clues of possible valid email addresses when attempting to reset password.This functionality can be abused by simply guessing possible email address and being able to find valid ones through the error messages.”

Well, there’s only one field and of course its obvious that if a reset password attempt fails, its due to an invalid email. Seems this penetration test is wrong. Are there any solutions to fix this issue besides adding an additional field (besides email) for password reset?

I have password reset link with a long string of characters. What do those characters mean? [closed]

I have password reset link with login/reset_password?h=f7f7935cf3f63b3c01fc6987fb80f05c what does this h=32 characters mean?

I am testing a password reset functionality and found out that there is an URL parameter h with 32 characters in the password reset link. What is the purpose of these 32 characters?

How to reset MariaDB into a “fresh install” state?

I had InnoDB corruption and managed to start the server in read only mode and perform a fresh backup using innodb_force_recovery=5.

This way of starting the service puts the databases in read only mode, even deletion is disallowed.

Is there an official procedure to reset the whole server into a fresh installed (or at least “empty”) version?

And in case there isn’t, then what are the correct uninstall/reinstall steps to make sure there will be no remaining residues of data that could generate problems in the future?

Does Leomund’s Secret Chest last only 60 days reliably, or can this timer be reset?

Leomund’s secret chest is a spell that lets the caster hide a very expensive chest in the Ethereal Plane. However, its drawback is that after 60 days, there is a chance the spell ends. If the spell ends while the chest is in the Ethereal Plane, it’s lost forever.

My question is, where does the 60 day counter start? Is it from the moment of casting, so that you need to re-cast the spell every 60 days? Or do you just need to recall the chest every 60 days to check on its contents?