Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Single-factor authentication failing

See original GitHub issue

Sometime in the last few days, it seems like something has changed on Google’s end that prevents locationsharinglib from successfully authenticating. I’m using the locationsharinglib 3.0.11 with the following small shell script to refresh my cookie file:

# -*- coding: utf-8 -*-

import os
import sys

scriptFolder = os.path.dirname(os.path.realpath(__file__))
username = sys.argv[1]
password = sys.argv[2]
currentFolder = os.getcwd()
cookies_file = scriptFolder + "/" + sys.argv[3]

if os.path.isfile(cookies_file):

from locationsharinglib import Service
service = Service(username, password, cookies_file)

for person in service.get_shared_people():

It also fails in the exactly the same manner from Home Assistant 0.87.1. All was working last week, the last time I restarted HA.

$ '' '**********' '.google_maps_location_sharing.cookies'

Traceback (most recent call last):
  File "/home/hass/config/", line 21, in <module>
    service = Service(username, password, cookies_file)
  File "/srv/hass/lib/python3.5/site-packages/locationsharinglib/", line 366, in __init__
  File "/srv/hass/lib/python3.5/site-packages/locationsharinglib/", line 225, in __init__
  File "/srv/hass/lib/python3.5/site-packages/locationsharinglib/", line 263, in _authenticate
  File "/srv/hass/lib/python3.5/site-packages/locationsharinglib/", line 306, in _submit_password
    raise InvalidCredentials(body)

I don’t want to post all the response, because it contains personal identifying information, but the response contains “type: FIRST_AUTH_FACTOR” (I only have single-factor authentication), and “INCORRECT_ANSWER_ENTERED”. I’m sure I have the correct password. I’m able to login successfully via a browser. If any other parts of the response are pertinent, I can provide them.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:1
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

SteveDinncommented, Feb 23, 2019

Thanks for spending your time doing this. Just wanted to let you know that your work is appreciated! It helps make sure my porch lights are on when I come home at night 😃

Oh, and if it matters, I’m in Canada, so I guess this issue just started for us.

costastfcommented, Mar 5, 2019

I have removed the authentication part from locationsharinglib and uploaded version 4 with those changes. I have made a proof of concept project that drives a browser via selenium and saves the cookies in a compatible with locationsharinglib format. If anyone wants to try out the POC and very crud version because they are feeling adventurous you can follow the documentation at the end of the page . This is heavily a work in progress and only works for chrome currently, tested only on Mac (but i guess linux should also work) so please do not start creating issues just yet, unless you also want to contribute. I am planing to clean it up and and make it nicer during the upcoming weekends. I am hoping to have a somewhat properly working version out after the coming weekend supporting chrome for all latest version of Mac, Linux and Windows. Of course if anyone is interested in helping out, all help is welcome!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Why Single Factor Authentication Isn't Enough to Protect Your ...
The use of multi-factor authentication effectively blocks brute force and credential stuffing attacks.
Read more >
Common problems with two-step verification for a work or ...
You are getting "Sorry, we're having trouble verifying your account" error message during sign-in. Microsoft may limit or block voice or SMS authentication...
Read more >
Why Single-Factor Authentication is a Vulnerability & Risk
Single-Factor Authentication Is Now Officially a Bad Practice ... The problem is that users are notoriously bad at storing passwords in a ...
Read more >
Azure Sign-ins showing Single-Factor Authentication, no MFA
I check the Azure Active Directory > Sign-ins log and sure enough, they're all Single-Factor Authentication, except for a few MFA login with ......
Read more >
CISA Adds Single-Factor Authentication to list of Bad Practices
Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found