OTP not filling correctly using Google Chrome extension

Hi all, I'm writing since I'm facing an unwanted behavior while trying to automatically fill an OTP field in Google Chrome.

First of all a few details about the specifications of the software I'm using:

  • OS: Windows 10 Home (21H2, 19044.1387)
  • 1Password version: 80500046 (BETA channel)
  • 1Password extension: 2.2.0 (Chrome, BETA channel)

I set up an OTP field in 1Password, on a website X, using the 'Scan QR code' feature of the 1Password Chrome extension. Everything worked fine. The OTP provided by 1Passoword allows me to log into the website X.

Now, if I try to log into a website Y or Z, for which I haven't set an OTP verification in 1Password but that requires an OTP verification since, for instance, I set it up using a different app (e.g. Google Authenticator), 1Password Chrome extension tries to fill this field with the OTP code provided by 1Password for the website X.

In 1Password desktop app I can see the OTP code for website X but I cannot see, as it should be, the OTP codes for website Y and Z.

While in 1Password Chrome extension, in the browser, I can see the OTP code for website X but I can also see the OTP codes for website Y and Z that are wrongly the same as the one provided for website X.

Not sure if I managed to explain this clearly.

Thank you in advance.


1Password Version: 80500046 (BETA channel)
Extension Version: 2.2.0 (Chrome, BETA channel)
OS Version: Windows 10 Home (21H2, 19044.1387)

Comments

  • Hi @aragorn_ii:

    Thanks for asking about this, and I'd be happy to help you with this. To get a better understanding of what's going on here, are you able to take a screenshot of each of the three items you mentioned in the 1Password extension? Like this:

    If the screenshots do contain personal information, rather than posting them here, please email them to support+x@1password.com. You'll receive a reply from BitBot that contains your support ID, which looks something like this [#ABC-12345-678]. Post that here, and I'll be able to locate your email to us internally. Thanks!

    Jack

  • aragorn_ii
    aragorn_ii
    Community Member

    Hi @jack.platten,

    thanks for the reply. Sure, below you can find three screenshots. Each screenshot shows what I see in the 1Password Windows app and the 1Password Chrome extension. I took the screenshots within 30 seconds, before the OTP expired.

    Website X is the website for which I created the OTP in 1Password first. In this case, 2FA is active and I have a OTP set in both in 1Password and in Google Authenticator. Everything is working well in this scenario both using 1Password and Google Authenticator.

    Website Y is a website for which I haven't created a OTP in 1Password. In this case, 2FA is not active for website X. In this scenario, I cannot see the OTP in 1Password Windows app, as it should be (since I haven't created one), but 1Password Chrome extension shows me the OTP created for Website X.

    Website Z is a website for which I haven't created a OTP in 1Password. In this case 2FA is active for website Z and I have a OTP set in Google Authenticator only but not in 1Password. In this scenario, I cannot see OTP in 1Password Windows app, as it should be (since I haven't created one), but 1Password Chrome extension shows me the OTP created for Website X and, since 2FA is active on website Z, tries to fill the 2FA field.

    I tried to be clear as much as possible but re-reading the post I feel it might be confusing. Please let me know if you have any questions and if you'd like I perform some additional tests.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @aragorn_ii ,
    Thanks for the additional screenshots. Quite weird indeed.

    Can you please log into your 1Password account on our website (https://my.1password.com), locate these login entries and see if they show a TOTP there as well? If so, try to click on "Edit" and see if you are able to edit it out. In case there's no TOTP there, it might indicate some caching problem with the extension in your browser.

    Can you also share the URLs of these websites with us? we want to check if they are related somehow in one of our databases. You can email us if you prefer not to reveal it here, as Jack offered in a previous reply.

    Keep us posted.

  • aragorn_ii
    aragorn_ii
    Community Member

    Hi @ag_yaron,

    you're welcome and thanks for the reply.

    First of all, a small correction to my previous post:

    Website Y is a website for which I haven't created a OTP in 1Password. In this case, 2FA is not active for website Y. In this scenario, I cannot see the OTP in 1Password Windows app, as it should be (since I haven't created one), but 1Password Chrome extension shows me the OTP created for Website X.

    Sure, I have just logged into 1Password account on https://my.1password.com but neither website Y nor website Z shows a TOTP, while website X shows a TOTP, as it should be. The behavior is basically consistent with what I see in the 1Password Windows app.

    In case of a problem with the cache of 1Password extension in my browser, is there a way to fix it without having to uninstall the extension?

    Yes, I have just sent an email to support+x@1password.com and the support ID I received from BitBot is #YNC-54994-613.

    Thanks again.

  • Hey @aragorn_ii:

    I've located your email to us. We'll take a look, and be in touch there. Thanks!

    Jack

    ref: YNC-54994-613

  • aragorn_ii
    aragorn_ii
    Community Member

    Thanks @jack.platten! I received an email from 1Password support and replied.

  • @aragorn_ii:

    Thanks! To avoid duplicating our efforts, I'm going to close this thread, and we'll continue to be in touch via email.

    Jack

This discussion has been closed.