Login attempt failed from iOS device

No Cloudflare here. I do use an SSL proxy to front end external connections on 443 and push them through to 8123.

Same here! Don’t think it has to do with camera feeds. I’ve had the messages before having the camera feeds.

I run the latest HA thru duckdns and I indeed think it is a glitch somewhere

This seems to be an iOS issue, app auth token expiring or something similar. I only run HA internal, and get login failed daily from the only iOS device I have on the network. It is the only device that reports invalid logins – happens if the app is in the background for a while though I don’t know the exact timing. The app does not report errors or a login failure so it happily reauthenticates fine, but I think it is sending an expired token first triggering the HA alert.

1 Like

Have you tried toggling background app refresh? :thinking:

I’m not too much up on Apple tech, but more than willing to try anything at this point. I will search on that option to see what I can find. It’s not really a critical issue, just a bit of an annoyance for me.

*edit: Background refresh for the Home Assistant app was on, I’ve toggled it off. time will tell if I get another message though I don’t expect much from my testing. The alert typically happens when the ipad comes out of sleep, or my wife switches back to the app from another she is using.

Same issue here as well. Only my wife’s iPhone is causing these invalid logins. My iPhone is working fine. We both use the same HA instance with identical views and cards.

Updating this thread, changing background refresh had no effect. I still get an invalid login attempt at least once a day from the ipad.

I’ve reinstalled the app on my wife’s ipad, created a new account, setup a new instance of HA and just about everything in-between and still get the alert once a day at least. Same as you we use the same dashboards – unfortunately her iPad is the only iOS device we have to test with, interesting to know only one of your IOS devices is creating the notification.

I use also RTSP camera hand have this issue. Maybe, a proxy are the solution.

i delete my database and now no more errors… maybe worth a try for others if you don’t find the data is gone

1 Like


Is that safe?

Any instructions or guidance you can share @Sven12345 ?

maybe this can help you I have my database running on mysql should you have that too I will also try it for 2 weeks now no error. hopefully it will stay that way…

and solve the problem also by your HA?

Login attempt failed messages started popping up today. iOS 15 on my iPhone 12. HA version 6.4. Is there a known fix?

Here is the automation I came up with, entirely based on your idea, with the added more elegant trigger that was missing :

alias: Hide iPhone co notification
description: 'Trigger at iPhone Login attempt failed notification, to remove that notification'
  - platform: event
    event_type: call_service
        title: Login attempt failed
        notification_id: http-login
      domain: persistent_notification
      service: create
condition: []
  - service: persistent_notification.dismiss
      notification_id: http-login
mode: single

It triggers on any persistent notification creation with title = Login attempt failed and notification id = http-login, which correspond to what I get often as well when I launch the HA app on my iPhone.

Pros :

  • No more Login attempt failed notification !
  • It’s clean as it only tigger on http-login notification, and it’s the only thing it remove
  • Login attempt failed are still visible in HA logs as WARNING

Cons :

  • No more Login attempt failed notification at all of any kind ! You will only be aware of any failed login (proper or malicious) if you happen to go check HA logs. Only apply this solution if you’re confident enough in HA security you’ve set (proper password, ip_ban_enabled: true, double authentification, https from outside, … ), and if you’re sure you only have an issue with that specific case of the iPhone application.
  • It’s not a fix to the actual issue, stay aware of ip_ban_enabled: true, I recommend setting login_attempts_threshold at least to 10, I once had my iPhone ban at 5…
1 Like

I had a camera (xiaomi vacuum map extractor) on main tab. I moved it to another and problem disappeared. I figured out it from nginx access log, it can help you to understand this behaviour.

1 Like

Had the same issue and i could fix it for me.
I deleted the „Mobile App“ integration for this device in home assistant and login errors were gone.

After this i reinstalled the iphone app and everything was as it should be

My automation stopped working few months ago …
Here is the one I’m currently using (Source : WTH are those Login Attempt failed? - #85 )

alias: Hide Notification http-login
description: 'Trigger at Login attempt failed notification, to remove that notification'
  - platform: state
    entity_id: persistent_notification.http_login
    to: notifying
condition: []
  - delay:
      seconds: 1
  - service: persistent_notification.dismiss
      notification_id: http-login
mode: single

From various feedback I could match with my case, the issue seems to be related to HA trying to refresh a remote connection before it has itself finish authenticating. In my case, I get the notification when the application opens back to the lovelace page with my vacuum map (a HA camera), either after a full shutdown of the app or a connection change

Here’s a slightly better (more targeted) automation which will automatically dismiss any notifications for failed login attempts based on a specific ip address. Just be sure to update the ip address in the value template for the device that is causing the issues. This may not work if your device changes ip addresses, but you could change the condition to an “or” condition and add more template conditions to dismiss login failures for other ip addresses.
I hope this helps!

alias: Dismiss local login failures
description: ''
  - platform: state
      - persistent_notification.http_login
    attribute: message
  - service: persistent_notification.dismiss
      notification_id: http_login
mode: single
  - condition: template
    value_template: >-
      {{ "10.0.7." in state_attr("persistent_notification.http_login",
      "message") }}


very cool!

@meichthys , I have super minimal coding knowledge so this may be a silly question, but how does one input sever IP addresses? can this be done in the same command or do I need a new automation per IP address?