Password is correct but UI saying Invalid login or Password

mattclarkdotnet · July 19, 2023, 3:01am

The problem, I think, is that the app registers passwords under the “home-assistant.io” domain, but web access is through “homeassistant.local:8123”. This means when you reset your password in the app, it doesn’t get picked up by iCloud Keychain correctly in the web browser.

mattclarkdotnet · July 19, 2023, 3:14am

And on top of that, in Safari the correct username and password simply doesn’t work, while in Chrome it does.

petro · July 19, 2023, 12:55pm

This is because HA does not officially support password managers. HA officially supports the built in “Remember me” pop up after you log in, that’s it.

Plouf34 · July 21, 2023, 6:39am

Same for me since 2 days. Enable to connect to my Local HA via Safari on macOS. No issue via Chrome or edge.
Via Safari, only Nabucasa url works (via external in that case)

yohst · July 30, 2023, 5:32am

Does not work for me. Retyping usr/pwd in safari, chrome or opera all fail, login in through nabukasa is fine.

snovvman · August 2, 2023, 10:46pm

I know my user ID and password are correct. I am using the ID found in auth_provider. Also confirmed under Settings>People>Users.

When I go to the user change password, I type in the same password for current password, new password, and confirm new password, the returned error is “New password must be different than current password”, which suggest my current password is correct.

2FA is enabled and I am trying to log in locally using HTTP.

I have two computers (browsers) and one Android, one iOS all previously logged in using these credentials. I am trying to log in using a new computer (Chrome in Incognito, so no stored cookies) and new tablet on the same network. I rather not change the password and want to know what the real problem is.

What is happening here?

Edit: error below

2023-08-02 15:57:54.626 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.xxx.xxx (192.168.xxx.xxx). Requested URL: '/auth/login_flow/xxxxxxx6c9ecc7718a054bexxxxxxxxx'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36)

j.parker · August 8, 2023, 9:50pm

What I have found with the apple autofil (always fails) is to backup one character on username and replace it and do the same on password

pmh · August 16, 2023, 7:31am

I just registered to say thank you. Exactly my issue. Firefox on the Mac worked fine, but then I only use that to troubleshoot things so no autofill. iPad app also worked fine. Safari on Mac or iPad with autofill - no banana.

This has been driving me up the walls for two days straight. Of course searching for problems with my reverse proxy etc. etc.

So thanks again. What a bummer!

bevanting · August 16, 2023, 7:46am

Thanks! I don’t know if it’ll ever be fixed but one thing I’ve also found since (behaving differently): If you tick ”stay logged in on this computer" (or the equivalent - can’t remember the exact wording), then even if you reboot your machine and come back after a few days, it’ll log you back in on the browser without prompt for login again.
This used to work until the next reboot but I guess now that autofil is not working for us on the Mac, this is a good consolation!

thedeany · September 12, 2023, 9:53pm

I just encountered the autofill issue with my password manager, and this fixed it. I did inspect Safari’s dev tools and saw in the login network request, after autofilling, that the username and password were sending as empty strings. Backspacing a character and replacing it in each of the fields fixes it. I’m assuming this is an issue with password manager autofills not triggering the input field change events, so the data never gets bound.

Anyway, this is a good workaround.

hackthehouse · September 29, 2023, 12:14am

I just encountered this on my very first install. No password manager is installed on this machine.

Downloaded HA virtual disk for VirtualBox
Installed VirtualBox and followed instructions for installing Linux
Setup HA
Logged in via Chrome on OS X on the server running VirtualBox, worked fine
Tried to login via Chrome on OS X on my laptop, “Invalid username or password”
Tried a bunch of times, tried lower case username, found this thread
Changed my password via the web session I was already logged in under, it accepted my current password fine
Tried on other machine, same issue
Checked the network logs, it was sending over the correct username & password
Restarted HA, same issue, now I can’t login from the web browser it worked on
ran authentication reset --username “my_username” --password “mypassword”
Success! I can login on both machines

Home Assistant 2023.9.3
Supervisor 2023.09.2
Operating System 10.5
Frontend 20230911.0 - latest

Log shows:
* Login attempt or request with invalid authentication from gyst-server.lan (192.168.86.208). Requested URL: '/auth/login_flow/4a33ff98aff72752c2688ccea660adc8'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36)

nivvis · September 29, 2023, 1:12am

I have had this issue with the UI as well. This is usually (IME as a dev) due to not very robustly tracking javascript events in the UI. The UI may track the password as it’s typed (watching keyboard stroke events) but not track the state if the password gets entered through another event (like paste). I.e. the frontend sees no password and then sends no password to the local HASS API. This can be pretty quickly verified in the network calls. You should see no password sent in the API call.

How are bugs tracked on the UI side of HASS? Can anyone else confirm this still happens in the latest UI version? I have not had a chance to update my frontend to check. I can try if I find time soon.

nickrout · September 29, 2023, 6:56am

nivvis · October 27, 2023, 10:58pm

Looks like this has been fixed in a recent-ish build. I upgraded from 2023.05 to 2023.10 and now I can login w/o any issues using password managers.

My release:

Home Assistant 2023.10.5
Frontend 20231005.0 - latest

dbainbridge · December 15, 2023, 7:28pm

Just installed new version today by writing image on eMMC for Odroid-N2+ and have been locked out of my fresh installation after the initial web session was lost. Using Safari on macOS and am sure the username and password was correct (at least from what I entered on initial setup) and I am manually typing them in. Still trying to investigate.

dbainbridge · December 16, 2023, 2:07am

I tried re-flashing again and this time it worked. The two things I did differently was I used Firefox and left the username as-is when I typed in my name. I typed in the name “david” and username auto typed “david” as the username and I left it as-is. Now using even safari in private mode and signing in works.

Technoguyfication · December 16, 2023, 9:49pm

Ended up figuring out what was causing the error for me. I’m running my own DNS server with custom DNS entries on my network, and my browser had Secure DNS enabled for some reason. Not sure exactly what was causing HASS to deny the login, but disabling Secure DNS fixed it for me.

rplaughl · March 8, 2024, 12:57am

First time user of HA. Got the HA Green yesterday. Set it up yesterday using Android phone. Great. Purchased Nabu Casa HA Cloud subscription for remote access. Tried to access remote today using special URL. Denied due to incorrect password. I am 100% sure my username and password was correct. I was still logged in to HA on my phone. Reset password on my phone. Logged out of all devices. Tried to log in using new password that I just changed. Still can’t log in.

Is THIS the dreaded trouble with HA…

Day one is this bad…