Mobile devices such as smartphones and tablets store sensitive data. For example, a smartphone may store financial information such as bank account numbers which belong to the owner of the smartphone. As another example, a smartphone may store business secrets within emails and other documents which belong to a corporation for which the owner of the smartphone works.
A conventional mobile device controls access to sensitive data by requiring a password to be entered when the mobile device emerges from a “sleep” or a “power off” state. The owner of the mobile device enters a password known only to the owner into the mobile device, where the password is stored in memory. The password is not erased until the owner changes the password. For a user to change the password, the user must know the password.
In some arrangements, the conventional mobile device allows for a trusted party to access sensitive data in the event that the owner forgets the password. In this case, the owner grants the trusted party the right to change the password through either knowledge of the password or an ability to reset the device.