How do one-time passwords differ from logins? How're one-time passwords used?

How are one-time passwords used? How do one-time passwords differ from Logins?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:How do one-time passwords differ from logins? How're one-time passwords used?

Comments

  • BenBen AWS Team

    Team Member

    Hi @kennardn,

    Speaking generally: one-time passwords are used as an additional step to authenticate someone trying to access an account. They aren't a replacement for the password. You need the username, the password, and the one-time password. The logic behind requiring this is that the one-time password changes frequently (generally every 30 seconds). So, even if someone shoulder surfs you and writes down all of your credentials, they're only good for a maximum of 30 seconds, or whatever that timeout is.

    In terms of 1Password: 1Password can generate said one-time passwords for you, so long as they are using the TOTP standard (most are). You can read more about that here:

    Use 1Password as an authenticator for sites with two-factor authentication

    For this you would add the one-time password information on the Login item for the site/service in question. Does that help? Please let me know. :)

    Ben

  • Got it, thanks Ben.

    Is it possible to stop 1passwword from creating entries for OTP?

  • BenBen AWS Team

    Team Member

    @kennardn

    You're welcome. 1Password only generates TOTP codes if you add your TOTP secret on a Login (or other) item, usually by scanning a QR code. If you don't add the secret, 1Password won't generate the codes.

    Ben

This discussion has been closed.