I am trying to login into my heroku account but that fails with There was a problem with your login.
I have already reset my password and tried logging in from four different browsers on three different machines, to no avail.
I would raise a ticket at the heroku helpdesk but that is not possible without login. Any idea how to proceed on this? I haven't found a traditional hotline to call either...
Heroku experienced a major security incident last month and further determined that an "attack agent" exfiltrated hashed passwords. Because of this incident, Heroku reset all user passwords on May 4.
From the incident page:
Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed. We have rotated internal Heroku credentials and put additional detections in place.
For now, a password reset to something other than your last password is not a bad idea.
Resetting my password worked for me
Related
I am trying to login into my heroku account but that fails with
Couldn't find that user.
I have already reset my password and tried logging in from different browsers.
I stupidly deleted my Authenticator app on my mobile phone and now I am unable to login to my Heroku account. Is there any way round this?
I had the same issue.
If you have Multi-Factor Authentication, recovery codes can get you out of lock out.
If you do not have those, the only way is to reach out to Heroku Support. They'll ask some questions to verify your identity, and provide a single recovery code.
Refer to this link for more details.
When I try to log in on git bash it says "heroku: Press any key to open up the browser to login or q to exit:". I am pressing it, but it's stuck here. It wont open browser for login.
Looks like there is an incident with heroku login! Facing the same issue. Cannot login via the dashboard too.
Have you reset your password yet? They just force reset all passwords that hadn't been updated since a recent breech occurred. I was unable to login this morning and found all my sessions had expired. Once I did the password reset I was able to login again as normal.
Details
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the
theft of GitHub integration OAuth tokens further involved unauthorized
access to an internal customer database.
The company, in an updated notification, revealed that a compromised
token was abused to breach the database and "exfiltrate the hashed and
salted passwords for customers' user accounts."
As a consequence, Salesforce said it's resetting all Heroku user
passwords and ensuring that potentially affected credentials are
refreshed. It also emphasized that internal Heroku credentials were
rotated and extra detections have been put in place.
Official: https://status.heroku.com/incidents/2413
Press: https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html
When using Heroku Multi-Factor Authentication, is there any way to login via the console without opening the browser?
ubuntu:~/environment $ heroku login -i
heroku: Enter your login credentials
Email [hello#gmail.com]:
Password: ****************
› Error: Your account has MFA enabled; API requests using basic authentication with email and password are not supported. Please
› generate an authorization token for API access.
›
› Error ID: mfa_required
Yes. Basically, to set this up what you want to do is:
Login to Heroku and create an API Token under "Account settings". (You said "without opening a browser", and I'm assuming you mean 'How to authenticate from the command-line'. To set this up you will need to open a browser ... once ;)
In your local machine's home directory, check to see if you already have a file called .netrc. If not, simply create one like so -- touch ~/.netrc.
From there you'll want to append the following to that file (and save):
machine api.heroku.com
login <your-email-goes-here>
password <the-api-token-goes-here>
machine git.heroku.com
login <your-email-goes-here>
password <the-api-token-goes-here>
If you just created the .netrc file you'll want to chmod 600 .netrc to give it necessary permissions.
At this point, you can try the command heroku auth:whoami and hopefully see your user e-mail printed back to you.
FWIW, Heroku does have some docs covering this here, but to be honest, the docs are rather disjointed and I would think unhelpful to someone that's never done something like this before, which is why I tried to go step-by-step.
I hope this is what you wanted and / or someone finds this helpful :)
For multi-factor authentication enabled heroku account, If you can get the API key then there is a simpler way to sign in via CLI. type -> heroku login -i
enter the email id associated with your heroku account and for password you must enter the API key that you got from the account settings page.
No more works password for admin. In archiva.xml admin is in default users.
And not propose on start page to set admin password.
Already tried deleted users dir. Problems persists.
Any ideas please?
From my personal experience, I've had success by resetting the Admin password 6 times (the default amount of previous passwords stored by Archiva) to retain the same password. Make sure that the admin's email address is set to an email address belonging to an account that you can access.
You could reset your password 1 time of course, but that might entail you having to change your password in multiple places, such as your Maven settings.xml, Jenkins, etc.