Feature Request: RADIUS MFA ( other situations) need password with appended OTP - copy option

extensioncord
extensioncord
Community Member

JumpCloud, Okta and other IdPs implement MFA for RADIUS using [PASSWORD],[TOTP CODE] in the password field. Other sites and services need them concatenated with no delimiter. This is difficult on macOS, and extremely difficult on iOS in the VPN authentication dialog because the dialog does not present the standard keyboard (bug report filed) and multiple switches to the 1Password app are required. If 1Password added a copy password menu option to concatenate the password and OTP (copy, reveal, large type, copy + OTP, look up in vulnerable passwords), and a field to specify a delimiter for the concatenated OTP, that would be very helpful.


1Password Version: 7.3.2
Extension Version: 7.3.2
OS Version: 10.14.6
Sync Type: 1Password
Referrer: forum-search:password with appended OTP

Comments

  • Hi @extensioncord

    Our development team has taken a look at this, as it has been suggested in the past. The last time we looked at this there weren't enough systems using this sort of password+OTP concatenation to justify the potential confusion that having this in the app might cause. I'll mention it again, to see if thoughts have changed at all in this regard, but to be quite honest I don't have high hopes that this is something we would include.

    Ben

  • extensioncord
    extensioncord
    Community Member

    This is in response to three companies needing to implement MFA for VPN as part of a SOC2 certification audit. There are other security policy and regulatory compliance pressures to implement MFA for systems not specifically designed for that, and RADIUS MFA is the way to do that, which always requires such concatenation. Hopefully your research will confirm that, and this will now be a priority. PCI 3.2 section 8.2 now requires MFA for remote access (i.e. VPN).

  • Thank you for the continued feedback on the issue. I have asked the development team to take another look, but I couldn't make any promises beyond that.

    Ben

This discussion has been closed.