Paste TOTP code directly behind my password?

DenalB
DenalB
Community Member
in 1Password in the Browser

I have a website where I have to use a password which consists of 4 digits and the TOTP code. Actually I'm using the shortcut "CTRL+." to fill in the password and pressing "CTRL+V" to paste the TOTP code directly behind the password.

Is it possible to automatically fill in the TOTP code directly behind the password?

1Password Version: 7.6.787
Extension Version: 4.7.6.2
OS Version: Windows 10 Pro 20H2
Sync Type: Not Provided

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @DenalB ,

    The TOTP field is always being handled as a separate field in 1Password, so there's no way to automate this process. It's kind of strange the website asks you for the TOTP+password in the same field though. Do you encounter that in multiple websites or just a specific one?

  • DenalB
    DenalB
    Community Member

    Hi @ag_yaron !

    The TOTP field is always being handled as a separate field in 1Password, so there's no way to automate this process.

    I already thought so, but I wanted to ask if I didn't see the right setting. So I'm not blind. ;)

    It's kind of strange the website asks you for the TOTP+password in the same field though. Do you encounter that in multiple websites or just a specific one?

    It's only a specific website - https://login.mailbox.org/de. It's a kind of 2FA protection. You are allowed to set a 4-digit-pin but have to use the TOTP to have a 10-digit-pin as your password. Nice thing but is a bit tricky for a password manager. ;)

    Thanks for trying to help. :+1:

  • kaitlyn
    kaitlyn
    1Password Alumni

    Thanks for the additional info, @DenalB! I don't think I'm seeing the same page as you when visiting the URL you mentioned, but I want to clarify something. Are you entering a 4 digit PIN that's the same each time, or is a one time password that's different each time generated somewhere?

  • DenalB
    DenalB
    Community Member

    Hey @kaitlyn , we both see the same website when opening the link. 😉
    The first part of the password you have to enter is the 4 digit PIN which stays the same. That’s why 1Password means that it‘s a weak password. The second part of the password is the TOTP which you have to enter right behind the PIN in the same field.
    Actually I fill in the 4 digit PIN with the help of the shortcut for 1Password. After that I press CTRL+V to paste in the TOTP into the same field.
    Hope it helps understanding what’s the „problem“. 👍

  • kaitlyn
    kaitlyn
    1Password Alumni

    @DenalB – That's so fascinating to me! I really appreciate your explanation. I can't say I've seen anything like it before – entering both a PIN and a TOTP into the same field. The workaround you're using is exactly what I would have come up with, to be honest. Pressing the keyboard shortcut, then then hitting CTRL + V to paste your TOTP is the most efficient way I can think of filling. While it'd be cool to see a password manager have the ability to fill a field like this, I can't say if it'll become the "norm" anytime soon. I'm glad you reached out about it, though. :)

  • DenalB
    DenalB
    Community Member

    Pressing the keyboard shortcut, then then hitting CTRL + V to paste your TOTP is the most efficient way I can think of filling.

    Yes, it is. :)

    While it'd be cool to see a password manager have the ability to fill a field like this, I can't say if it'll become the "norm" anytime soon.

    And it would be much cooler if 1Password would be THAT password manager. ;)

    I'm glad you reached out about it, though.

    You're very welcome @kaitlyn ! :+1:

  • kaitlyn
    kaitlyn
    1Password Alumni

    :+1: Have a wonderful New Year's!

  • DenalB
    DenalB
    Community Member

    :+1: Happy New Year for you all! :)

  • mtheos
    mtheos
    Community Member

    Meanwhile on the backend...
    pin = password_field[:4]
    otp = password_field[4:]

    This is an interesting case.
    I like the idea behind asking for the OTP before checking the password (no info leak) but I don't like (or see the point of) having it in the same field.
    They should be 2 separate fields, extending a login page to ask for username/password/OTP

  • ag_michaelc
    ag_michaelc

    One field for both is certainly a bit different, but that's beyond our control. :smile:

  • DenalB
    DenalB
    Community Member

    It's the only website I know of such a password field. But I'm okay with it to copy the TOTP after inserting the password into the field. ;)

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited January 2021

    Let's hope other websites don't follow this trend, eh? ;)

  • smhex
    smhex
    Community Member

    Ha, got the same problem :) . I’m using mailbox.org too. Besides the combined pin/TOTP thing the weak password warning is really annoying. To avoid this I stored a much longer pin. The drawback is the additional deletion of the added characters before pasting the TOTP...

    Nevertheless this method looks quite unique. I don’t have another website login working this way...

    Regards
    smhex

  • DenalB
    DenalB
    Community Member

    @smhex,

    Good to know that I‘m not alone with this. ;)

    Besides the combined pin/TOTP thing the weak password warning is really annoying.

    Maybe this request is something for you, too. :)
    https://1password.community/discussion/116207/ignore-certain-weak-passwords-in-watchtower

  • smhex
    smhex
    Community Member

    @DenalB ,

    Thank you for the link. Added my vote👍

    Regards
    smhex

  • DenalB
    DenalB
    Community Member

    Great @smhex. Thanks for voting. ;)

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you both :)

This discussion has been closed.