1Password offering to fill TOTP passcodes it doesn't have

[Deleted User]
[Deleted User]
Community Member
edited August 2021 in 1Password in the Browser

I use 1Password to share TOTP passcodes with my family, but I mainly store my 2FA tokens separately. Where 1Password knows that a particular website supports 2FA, I have used a 2FA tag to stop Watchtower suggesting I set-up 2FA.
However, 1Password in the browser is still offering to fill TOTP passcodes it doesn't have. I wouldn't mind but the fill menu often gets in the way of manually entering the passcode. I noticed this most recently at:
https://mail.protonmail.com/inbox
Is this a known issue? Any suggested workarounds?


1Password Version: 7.7.8.10
Extension Version: 2.0.5
OS Version: Windows 10.0.19043

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @rootzero ,

    I don't quite understand the situation here. When you get to a TOTP page in which 1Password does not have a TOTP field in the login item for, does 1Password still autofill it with a 6 digits code from somewhere? Or do you simply mean that 1Password shows up in the TOTP field with the inline menu and suggest autofilling, which is distracting?

    If it's the former, there's definitely something in your login item that contains a TOTP and we need to check and remove it from there (or save a brand new login item for the website).

    In case it is the latter, then yes, that is expected behavior. 1Password shows up in TOTP fields and suggest autofilling. You can dismiss 1Password's inline menu by simply clicking the little 1Password icon on the right side of the field. Alternatively, you can go into the extension's settings page and turn off the "Show autofill menu on field focus" option, which will prevent the inline menu from showing up on its on.

  • [Deleted User]
    [Deleted User]
    Community Member

    @ag_yaron Thanks for the swift response. Yes, it's the latter case. 1Password lists the logins below the TOTP fields for a domain where it doesn't have a TOTP shared secret.
    Next time, I'll try clicking the 1Password icon. However, it would be nice if it could ignore TOTP fields where there's nothing to fill and/or where the 2FA tag is set.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for clarifying @rootzero .

    The "2FA" tag is only used to remove the Watchtower flag about the availability of 2FA for this website, and it does not affect the functionality of 1Password on webpages in any form or shape, nor is it intended to.

    We have recently added the inline menu in TOTP fields because a lot of users were complaining that some websites have a non-standard login processes, in which 1Password was unable to autofill the TOTP for them, so they had to copy-paste the totp manually or opening the extension and clicking on "Autofill", but now 1Password simply shows up in the field and suggest autofilling which made things a lot easier for them.

    I'm sorry you find this to have the exact opposite effect on your experience, as you are storing the TOTPs separately outside of 1Password.
    In that case, I think my suggestion for turning off the inline menu's auto-appearance might improve your experience a bit.

    Thank you kindly for the feedback and suggestions here. If more users will ask for it to be removed from TOTP fields, we will definitely consider it.

This discussion has been closed.