Recover login details

Tiny Tiny RSS Support
1

Describe the problem you’re having:

I can’t log into my TT-RSS account in web browsers or the Android app. As far as I know I didn’t change my details. The last time I logged in was last week.

If possible include steps to reproduce the problem:

tt-rss version (including git commit id):

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:

Shared hosting?

Please provide any additional information below:

My username and password that I’ve been using for months suddenly stopped working when I tried to log in on different browsers. I’ve tried Firefox, Chrome and Edge in and out of incognito mode. I went to check the Android app (which I had already been logged in to) and it now says that my username or password are incorrect.

My TT-RSS page was publicly accessible and while my credentials weren’t super obvious, they were probably guessable if someone was extremely motivated. (why tho??) I genuinely don’t remember changing anything and I haven’t ever had any need to. This gives me the impression someone else has gotten in and changed it.

Is there any way to find login credentials in the config files or something like that? Of course, I have access to all the TT-RSS files on the server.

Thanks!

2

it’s literally right there in the FAQ.

3

You can reset your password by clicking the reset password link on the login page. If for whatever reason you don’t have that working (email delivery wasn’t setup on the server, hacker changed the email address, etc.) you can reset it directly in the database:

https://community.tt-rss.org/t/how-to-change-my-password/963/2

A couple of other things:

  1. Use better passwords, including two-factor authentication (TT-RSS supports this).
  2. While we appreciate you taking the time to read the Read before Posting thread, in the future would you please also try searching the forum to make sure others haven’t already had this issue and found a solution. I literally clicked the magnifying glass in the top-right, typed reset password and was shown several threads with the details.

Please feel free to reply if the above solution doesn’t work.

4

this gave me a thought - maybe we should notify user on password change?

5

I’ve always found that type of thing useful for banks, email accounts, and other high-value targets; but I’m not sure a feed reader falls into the category. :man_shrugging:

Easy enough to add though. If you do, I’d go big:

  • Notify enabling/disabling of 2FA;
  • Change of email address (email to the old address).

e: Oh, it would be nice if the whole notification thing was admin tunable (boolean on/off) in config.php. :slight_smile:

6

yeah both of those make sense, i’ll make a note.

oh i really hate adding things in there.

7

I get that. It can get messy with a bunch of stuff in there.

8

https://git.tt-rss.org/fox/tt-rss/commit/ef514bc4bd13fc5a05303f4cb065abddd078250e

not sure if i forgot anything

e: right, 2fa

https://git.tt-rss.org/fox/tt-rss/commit/2820f41a4bd7295aef15c28ec8a67646d9e643cc (not tested)

9

All sorted, appreciate your help everyone!

I guess I freaked out and used shitty keywords when searching the forums :sweat: