# Phone Account Requires Re-Login



## Klaus-rf (Mar 6, 2019)

Curious if others are seeing this same issue. 

Android phone with Tesla ap installed. Have owned car (Mdl 3) since October, 18. So far, on five (5) occasions when launching the Tesla ap on my phone it wants me to login again. ??? I must re-enter my password each time this happens to have the ap connect to the car. Problem is I always use LONG, complex passwords (40+ characters) for all on-line accounts and there is no way I can possibly remember the password (and I don't even try to) if I'm not near a computer with my password database available. 

Is anyone else seeign their phone ap logged-out periodically?


----------



## lance.bailey (Apr 1, 2019)

yep, i occasionally see this


----------



## msjulie (Feb 6, 2018)

It happens on iOS every once in a while as well; I can't yet define a pattern.


----------



## MelindaV (Apr 2, 2016)

have not yet had to re-login (in over 8 months on an iPhoneX)


----------



## SMITTY (Jan 24, 2019)

40+ character password(s)?!!?


----------



## Klaus-rf (Mar 6, 2019)

SMITTY said:


> 40+ character password(s)?!!?


Indeed. I don't mess around with security things I have some control over. If 50 charactes are allowed, that's more better. But it's rare that current coders allow that much space for passwords (as if memory is precious??) - there ae still banks that allow a MAX of 8 characters - when was declared insecure by NIST 18 years ago!. I just don't do business with those.

But Internet Security is out of scope to this discussion.


----------



## MelindaV (Apr 2, 2016)

and how long is the password to the password keeping app?


----------



## NEO (Jun 28, 2017)

Yep, annoying as hell too. Has happened on my pixel and my wife's iPhone X about the same number of times. I looked around the account settings but never found anything related.


----------



## Ed Woodrick (May 26, 2018)

Klaus-rf said:


> Curious if others are seeing this same issue.
> 
> Android phone with Tesla ap installed. Have owned car (Mdl 3) since October, 18. So far, on five (5) occasions when launching the Tesla ap on my phone it wants me to login again. ??? I must re-enter my password each time this happens to have the ap connect to the car. Problem is I always use LONG, complex passwords (40+ characters) for all on-line accounts and there is no way I can possibly remember the password (and I don't even try to) if I'm not near a computer with my password database available.
> 
> Is anyone else seeign their phone ap logged-out periodically?


Yep, and btw, 40+ character passwords are bad, for exactly the reason you indicate.


----------



## garsh (Apr 4, 2016)

Huh. I don't recall the Tesla app ever logging me out.


----------



## DocScott (Mar 6, 2019)

It has happened to me a few times on iOS. When it happens to me on iOS, it seems to happen to my wife on Android at the same time, so it's the account, not the phone.


----------



## EValuatED (Apr 29, 2017)

It’s happened to me several times since I got my 3 last Fall, including this morning. (I was going to say not for a while but then checked the app this morning, lol.)


----------



## nonStopSwagger (May 7, 2018)

I use the built in password manager Google provide on Android, as the password I use for Tesla is machine generated. No way could I memorize it.

Whenever Tesla force me to enter the password, Android auto fills the field.


----------



## Klaus-rf (Mar 6, 2019)

Ed Woodrick said:


> Yep, and btw, 40+ character passwords are bad, for exactly the reason you indicate.


 I beg to differ. The LONGER the password is, the more secure (in addition to the storing site using a modern hash). The whole idea of using a password manager is that one never knows [or needs to know] the password to individual sites - no need to try to remember any of them. Use a different, Looooong, complex password for each site.



MelindaV said:


> and how long is the password to the password keeping app?


 30 is fine since it also requires 2FA and a fingerprint to access. That's three things. And it's not easily accessible from anywhere in the world to hack - like all websites are.


----------



## Needsdecaf (Dec 27, 2018)

Happened to me this week. Maybe the second or third time


----------



## MJJ (Aug 7, 2016)

Happens to us less than once a month, but did happen last night.


----------



## msjulie (Feb 6, 2018)

> Whenever Tesla force me to enter the password, Android auto fills the field.


iPhone as well, if you set up shared keychain; guessing it would with some 3rd party password manager

For those talking 2FA, if the code is sent to your phone/car key how does that help there?


----------



## Milo (Apr 4, 2016)

Happens periodically to me (Moto Z2 Android), more often to my wife (iPhone). I enabled fingerprint login, so I don't even notice it much.


----------



## Gatica (Oct 25, 2018)

I have had to re-enter my password after the Tesla app updated (iOS - iPhone XS Max) outside of that the app has stayed logged in for me.


----------



## Klaus-rf (Mar 6, 2019)

Gatica said:


> I have had to re-enter my password after the Tesla app updated (iOS - iPhone XS Max) outside of that the app has stayed logged in for me.


 Curious. My app version (android) has been updated twice since I've been using it and never asked for a password on an update.

It just randomly requires me to login again. No rhyme or reason so far. And I see others have also had this issue. Maybe it's Elon's fault?


----------



## Klaus-rf (Mar 6, 2019)

msjulie said:


> For those talking 2FA, if the code is sent to your phone/car key how does that help there?


 I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.


----------



## racekarl (Jul 31, 2018)

I don't know specifically how the Tesla app works, so take this with a grain of salt, but this is how things like this typically work (this is a simplified explanation):

When you log in to the app, your username and password are sent to the Tesla API server, which validates them and if they are valid returns two tokens (cryptographically signed text usually): 
1. A short lived (~30 minutes) "access" token that the app sends with every request it makes to the server and which verifies that the request is valid and coming from you.
2. A longer lived (~2 weeks) "refresh" token that the app uses to ask for a new access token when it expires. 

If the app makes a request and the access token has expired, the API will return an error message to the app. The app understands that message and then sends the refresh token with a request for a new access token. The API validates the refresh token, and if it's valid it will issue a new access token (and possibly a new refresh token) and you carry on without having to provide your username and password.

If however, the refresh token has become invalid, you as the user will be asked to log in again.

Refresh tokens become invalid for a variety of reasons: they expire, you change your password, some suspicious activity is detected and they are invalidated programmatically, etc. They can also be lost by the client (e.g. you uninstall the app, or it crashes or for some other reason is not able to access a stored refresh token).

I don't know what Tesla's policy for tokens is or what their logic is for invalidating them, but I would bet that this (or something similar) is what's happening.


----------



## msjulie (Feb 6, 2018)

> I suspect I was the only one talking 2FA. Codes can be called to the user (specify which phone number(s)), activate an app on the smart phone, the phone app can generate a code (not sent over the air), SMS text message (sent over the air) and a code generating token can also be used.


Yeah I know about 2F and SMS etc (itself not foolproof) - I just find it odd I sometimes get 2F challenges from a website ON my phone which sends the code happily TO my phone.. that's all..


----------



## Klaus-rf (Mar 6, 2019)

Well, it's twice happened again (STILL??) since I last posted in this thread about this continuing issue. 

This is beyond ridonculous. And much more important to fix that adding new games.


----------



## MelindaV (Apr 2, 2016)

Klaus-rf said:


> Well, it's twice happened again (STILL??) since I last posted in this thread about this continuing issue.
> 
> This is beyond ridonculous. And much more important to fix that adding new games.


I assume you are directing that rant at your phone manufacturer, right?


----------



## dburkland (Nov 12, 2018)

Mine did the same to me the other day, thought it was kind of strange and as a result reset my password (paranoid).


----------



## NEO (Jun 28, 2017)

Our iPhone and Pixel both got logged out this week. I assume it is a problem on our end. Would love a fix


----------



## mswlogo (Oct 8, 2018)

It's logged out on me 3 or so times in 9 months on iOS iPhoneX. Mine triggered just recently.

No biggie. And no, I don't use 40 character passwords.


----------



## msjulie (Feb 6, 2018)

I think it's the App's fault, too many people too many different phones. Password managers make short work of re-entering it but still...


----------



## Klaus-rf (Mar 6, 2019)

MelindaV said:


> I assume you are directing that rant at your phone manufacturer, right?


 Why would I contact the phone mfgr when it's clearly the application??


----------



## mswlogo (Oct 8, 2018)

Klaus-rf said:


> Why would I contact the phone mfgr when it's clearly the application??


I agree it's between the app and the server. Phone stays logged in on other apps.

I assumed it was an intentional security thing and that some credential token had expired.


----------



## MelindaV (Apr 2, 2016)

mswlogo said:


> I agree it's between the app and the server. Phone stays logged in on other apps.
> 
> I assumed it was an intentional security thing and that some credential token had expired.


than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.


----------



## Jarettp (Dec 1, 2018)

MelindaV said:


> than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.


So what you're saying is it happened to you too.


----------



## mswlogo (Oct 8, 2018)

MelindaV said:


> than it would happen to everyone. In 11 months, I've been prompted to reentered my password in the app 1 time.


And bugs never happen, right?


----------



## MelindaV (Apr 2, 2016)

Jarettp said:


> So what you're saying is it happened to you too.


AND the one time I needed to re-loginn was after changing my password. so no. the app didn't just randomly bump me off.
the post I was replying to made it sound like this should be a routine thing happening to everyone. my point is, it is not.


----------



## Bokonon (Apr 13, 2017)

FWIW both my wife and I (who share a Tesla account) have had to log back into the app during the last two weeks (her one week, me the next week). 

I think the way the app works (from looking at the API) is that there is an access token that expires after some number of days, and a refresh token that the app can use to automatically generate a new access token without prompting you to log in. If the refresh token expires, or the way it is generated/handled changes, then when your current access token expires, you will need to log in again. 

So, if we see a rolling wave of people being asked to log back in over the next month or so (as their access tokens expire), it may just be an indication that the way refresh tokens work has changed.


----------



## mswlogo (Oct 8, 2018)

I wonder if it’s happening to folks that have two phones connected (e.g. husband and wife).


----------



## undergrove (Jan 17, 2018)

mswlogo said:


> I wonder if it's happening to folks that have two phones connected (e.g. husband and wife).


My wife and I have had to log in again a few times over the last several months--iPhones.


----------



## garsh (Apr 4, 2016)

I've never had this issue on my Android phone.


----------



## Bandit (May 5, 2018)

As a data point my wife and I both have the app logged in under one account. Over the last year we've had the 3, we've had to re login roughly every 4-6 weeks. I didn't keep track because I thought this was working as designed, perhaps a security precaution. Anyhow it has always been this way for us since June last year.


----------



## undergrove (Jan 17, 2018)

undergrove said:


> My wife and I have had to log in again a few times over the last several months--iPhones.


Another point--we are both logged into the same account, but our app relogin requests always came at different times, sometimes weeks apart.


----------



## Bandit (May 5, 2018)

undergrove said:


> Another point--we are both logged into the same account, but our app relogin requests always came at different times, sometimes weeks apart.


Good point. Same here.


----------



## Klaus-rf (Mar 6, 2019)

So it's VERY common.


----------



## Jarettp (Dec 1, 2018)

MelindaV said:


> AND the one time I needed to re-loginn was after changing my password. so no. the app didn't just randomly bump me off.
> the post I was replying to made it sound like this should be a routine thing happening to everyone. my point is, it is not.


Its happened twice to me. Both time affecting my iPhone and Android concurrently. My password manager got me back in pretty quickly but it's definitely an annoyance that is happening to more than just the op.


----------



## BluestarE3 (Oct 12, 2017)

I just had it happen to me yesterday... maybe the third time since I got my car last November? Far fewer than the number of times I've had to re-login to my email account on my phone in the same time period. A nuisance certainly, but not often enough to be an irritation for me.


----------



## garsh (Apr 4, 2016)

garsh said:


> I've never had this issue on my Android phone.


Wouldn't you know it - I just had it happen today for the first time. 

This is just as likely to be a Tesla server-side issue rather than an app or phone issue.


----------



## mswlogo (Oct 8, 2018)

garsh said:


> Wouldn't you know it - I just had it happen today for the first time.
> 
> This is just as likely to be a Tesla server-side issue rather than an app or phone issue.


True, but if it were a server side issue why wouldn't everyone get hit?

I certainly don't think it's a phone issue.

My guess is something trips around security that isn't obvious and nothing is broken.


----------



## garsh (Apr 4, 2016)

mswlogo said:


> True, but if it were a server side issue why wouldn't everyone get hit?
> ...
> My guess is something trips around security that isn't obvious and nothing is broken.


Maybe people trying to break into our individual accounts on their servers.
After so many failed login attempts for an account, they decide to expire existing tokens and require the user to re-login.

Just one theory.


----------



## Klaus-rf (Mar 6, 2019)

Well, a new issue in this continuing saga with the Tesla app on Android.

The past 3 days I have not been able to connect to the car over the air using the app (with no connections changes over past 10+ months). Not a login issue as it did not ask me to login again. And when standing next to the car it will NOT open/unlock - BT is NOT working to the M3 but it IS working to my other cars.

I install an available update to the Android app and it still will not unlock or connect to the car after logging in. Gives error: 

"yellow triangle Exclamation point"
"Vehicle Connection error".

The joys of Windows 95 all over again.


----------



## mswlogo (Oct 8, 2018)

Klaus-rf said:


> Well, a new issue in this continuing saga with the Tesla app on Android.
> 
> The past 3 days I have not been able to connect to the car over the air using the app (with no connections changes over past 10+ months). Not a login issue as it did not ask me to login again. And when standing next to the car it will NOT open/unlock - BT is NOT working to the M3 but it IS working to my other cars.
> 
> ...


Have you tried rebooting your phone?

The Bluetooth Unlock (Phone As Key) is almost entirely separate from the Remote Control and App Login.


----------



## Klaus-rf (Mar 6, 2019)

mswlogo said:


> Have you tried rebooting your phone?
> 
> The Bluetooth Unlock (Phone As Key) is almost entirely separate from the Remote Control and App Login.


 Yep, at least ten times since the issue started. No joy.

Last PM I hard-booted the car and all appears well again with phone connectivity.


----------



## Klaus-rf (Mar 6, 2019)

Well, I found out the issues weren't over just yet.

I could not unlock the car using the closeness of the phone (via BT) but I could unlock/lock using the app. Once I entered the car, it would not "Start" with just the phone inside. so the BT connection was gone. ???

Phone still showed up under Locks, keys and was editable (could assign a profile) but the car just didn't see it. Deleted it from keys and (using a card key) re-added it to keys and it (BT connection) appears to be working correctly again. At least during my testing last PM.

Of course today, Sunday, is an even-numbered day. Don't know what it will do now. Will test it later.


----------



## kjtesla (May 29, 2017)

There was a new Tesla iPhone app update (3.9.1) posted yesterday that seems to have taken care of all my problems........


----------



## Klaus-rf (Mar 6, 2019)

Tried the phone BT connection again this AM - opening the door - and it still worked.

YEAH!


----------



## Klaus-rf (Mar 6, 2019)

App lost my password again yesterday.

In 8+ years of using a droid phone with Google mail, I've never had to re-enter a password.


----------



## Klaus-rf (Mar 6, 2019)

And another "Enter Password" prompt today. That's 9 times in 15 months of ownership.

I'd say this is a problem..


----------



## slacker775 (May 30, 2018)

I can't say that I've counted how many times I've had to log into the app, but it hasn't been so often that I've particularly cared. It does seem like there are occasions where they do a batch logout as opposed to it being an individual timeout/expiration per-account. I was signed out at some point yesterday and had to sign in again, and wound up getting the 2019.40.5 update to boot.

It's potentially a response to nefarious activity that they are picking up, and needing to invalidate all existing app tokens to prevent any further incidents/damage.


----------



## Klaus-rf (Mar 6, 2019)

slacker775 said:


> I can't say that I've counted how many times I've had to log into the app, but it hasn't been so often that I've particularly cared. It does seem like there are occasions where they do a batch logout as opposed to it being an individual timeout/expiration per-account. I was signed out at some point yesterday and had to sign in again, and wound up getting the 2019.40.5 update to boot.
> 
> It's potentially a response to nefarious activity that they are picking up, and needing to invalidate all existing app tokens to prevent any further incidents/damage.


 IMHO they're doing it wrong. On my phone, I have NEVER had to re-auth to my gmail calendar, for example, while years have passed.


----------



## garsh (Apr 4, 2016)

Klaus-rf said:


> IMHO they're doing it wrong. On my phone, I have NEVER had to re-auth to my gmail calendar, for example, while years have passed.


There's something different about your situation. I haven't had these re-authentication issues.


----------



## iChris93 (Feb 3, 2017)

garsh said:


> There's something different about your situation. I haven't had these re-authentication issues.


@Klaus-rf and @garsh - how many phones do you have on your account?


----------



## Bokonon (Apr 13, 2017)

Data point: two phones on our account, and I was prompted to re-enter credentials a couple of days ago. 

Possibly related, possibly not: one thing I've noticed when providing TeslaFi with a manually-generated Auth token is that the refresh token doesn't always work (ie when my token expires I sometimes have to manually generate a new one). This could be an issue with TeslaFi's handling of the refresh token, or it could be an issue with Tesla's implementation of refresh tokens. Or it could be gremlins, accountable to no one and inexplicable to everyone.


----------



## Klaus-rf (Mar 6, 2019)

iChris93 said:


> @Klaus-rf and @garsh - how many phones do you have on your account?


 Just one.


----------



## Klaus-rf (Mar 6, 2019)

Bokonon said:


> Or it could be gremlins, accountable to no one and inexplicable to everyone.


 Gremlins? Like The Irish Wee People??


----------



## iChris93 (Feb 3, 2017)

Klaus-rf said:


> Just one.


My blows my theory.


----------



## Vendacious (Aug 3, 2017)

I have two phones on my account, both Android. I have to re-authenticate both pretty regularly, maybe once every 6-8 weeks.


----------



## IPv6Freely (Aug 8, 2017)

It happens occasionally, maybe every couple months. I always assumed it was after an app update. Never really paid attention to it. I started using FaceID for the Tesla app about a month ago and haven't been asked to login since. No idea whether thats correlation or causation. For any other app I use a password manager and have iOS set up to use it so I never have to type passwords. Mine are always complex passwords as well.

It's not really a problem. The only issue is that if I'm not logged in (and I don't really have a way of knowing that I'm not without trying it), I don't get notifications of software updates available and such.


----------

