Accounts where TOTP code should be appended (or prepended) to the password
Comments
-
The opnsense administration web ui can be configured to require TOTP in the form of either TOTP + password or password + TOTP (Opnsense is an internally hosted router). One could manually assemble TOTP + password, but due to the ease with which 1password's "Save login" could overwrite my password with the recently entered TOTP + password combo, I'm forced to not use 1password for this site.
Please include my vote for this TOTP + password feature
1 -
Add me on this?
USAA, when configured with the "CyberCode Token" log-on method, takes a 4-digit static PIN + 6-digit TOTP token.
1 -
Thanks for sharing those details! I've submitted your request to the Product team.
-David
ref: PB-40789636
0 -
+1
This is even more important since Auto Fill again automatically submits username and password. For every website, where OTP is pre/appended I have to manually copy and paste username, password and OTP. Before the recent change in behavior, I would only have to copy and paste the OTP.
Can you please, please, please implement this?
0 -
Thank you for the report! Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?
-Evon
ref: pb-40960303
0 -
Yes, the OPNsense login. We are working with a lot of these appliances and policy demands using 2FA.
https://docs.opnsense.org/manual/how-tos/two_factor.html#step-7-using-the-token
0 -
@EvonG1P It looks like a lot of people need this. And this request has been made in the forums for quite some time. What is the reason that this still has not been implemented? It would make my life a lot easier. ;-)
0 -
Thank you for providing that example. I've passed it, and your request, along to the team internally.
Which features are implemented (and when) depends on a variety of factors that include: consideration for our existing product roadmap and planned features, urgent bug fixes that need to be prioritized over feature requests, available development resources, other customer feedback, and more.
-Dave
ref: dev/core/core#28432
ref: PB-409694630 -
Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?
https://1password.community/discussion/106003/special-2fa-on-mailbox-org
https://1password.community/discussion/117820/paste-totp-code-directly-behind-my-passwordIn short:
https://login.mailbox.org/enThe password field has to be filled with a 4 digits code (password) followed by the latest TOTP code.
0 -
Thank you for the report! Can you provide examples of websites you've encountered that require a
one-time password to be entered with a password into one field?-Evon
Just to add another example, we use pfSense for our VPN, which requires TOTP + PIN.
https://www.netgate.com/blog/freeradius-on-pfsense-for-2fa1 -
Thank you for the example! So that the team can look into this further, could you please send the page structure of the webpage in question to our support team? Follow these steps:
- Open the website in question until you can see the password/PIN field that you're referring to.
- Right-click on the page and click "1Password - Password Manager" > Help > Collect Page Structure.
Attach the resulting JSON file to an email message addressed to
support+forum@1password.com.With your email please include:
- A link to this thread: https://1password.community/discussion/comment/716339/#Comment_716339
- Your forum username: btr
- Please do not post the file here on the forum.
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!
-Dave
0 -
Hi @Dave_1P
I use the standalone OpenVPN Connect client for Windows to connect to our VPN, so I need to manually copy/paste the TOTP value from 1Password.
Taking my hand off the mouse to type the PIN before pasting the TOTP each time is the annoying part.
0 -
Hi, it's been a while since I checked in on this thread (I'm the original poster for this one).
I'm seeing requests for examples, so I'll go ahead and mention again the website that brought me here to start with: etrade.com.
The Etrade login dialogue has an optional checkbox for to reveal a third entry field for the security code. However this doesn't help the case where you forget you've got a 2FA code on this site, or you're using 1Password to auto-fill the login.
See attached screenshot.
I'll also second (third?) the OpnSense firewall (and I suspect PFSense as well?).
0 -
I just ran into this while attempting to add MFA to our Sophos VPN. It wants it appended to the password, so please consider adding this feature. Any reason a user has to NOT use our password manager works against our user adoption efforts. We are very pleased with 1password and your efforts to make improvements.
1 -
My team would be a +7 looking for this feature to be implemented in all 1Password apps. The "dynamic password" mockup proposed by @melorama looks perfect! We would use this for login to Sophos firewall portals and when using the VPN app. Password is a concatenation of our network password plus the one-time password (ie. Password123456). Currently we need to juggle the app to copy/paste multiple values before the OTP expires.
- Dave
2 -
Just bumping this request again, as I just realized how much worse this is when trying to login to my OPNsense router while using a mobile device! It’s only a minor annoyance on a desktop computer, where you can quickly switch between apps (or by using a macro based system with the CLI tool, as I mentioned earlier in this thread). But on mobile it’s next to impossible!
0 -
@melorama, Thank you for bumping the thread. I'm sorry you're experiencing difficulties filling in your Login for OPNsense on your mobile device. I've shared your comment with our product team.
If you're using iOS or Android, when you utilize the autofill feature from the 1Password app, the one-time password will be automatically copied to your clipboard as long as Copy One-Time Passwords is toggled on in the app settings. After that, you can paste the code before or after the auto-filled password. Are you experiencing different behaviour?
-Evon
0 -
@EvonG1P The issue with that—at least with the current version of 1Password on iOS (8.10.56)—is that 1Password will autofill the password field, and also submit the login form at the same time it copies the OTP code to the clipboard. This results in the password field becoming reset due to the submitted password being incorrect. So you never get a chance to prepend the copied OTP code to the auto-filled password before the login form gets auto-submitted.
In which case, you'd need to manually switch back to the 1Password app, copy the OTP field, switch back to Safari, paste in the code, then switch back to 1Password, copy the Password field, switch back to Safari, tap the password field, try to manually move the cursor to the end of the previously entered OTP code, long press to bring up the "Paste" option, tap on "Paste", then tap on the "Login"button.
Oh, and you have to make sure that you do all of this before the TOTP code expires. And you also have to completely disable the Autofill feature in the iOS settings, which severely limits the convenience of using 1Password on iOS.
So I effectively cannot login to my OPNsense router on iOS unless I either completely disable Autofill, or if I insecurely manually concatenate the OTP and static Password in a notes app or something via copy paste from the 1Password app, then manually copy/pasting the concatenated password back into the Safari password field. And again, trying to do this all before the OTP code expires.
0 -
Thank you for your reply. Could you please temporarily turn off 1Password for Safari and make sure you are auto-filling directly from the 1Password app? Keep in mind that while the 1Password app auto-fills, it does not automatically submit your information- that feature is exclusive to 1Password for Safari. Moreover, auto-filling from 1Password for Safari does not copy the one-time password.
- Open the Settings app on your iOS device.
- Tap Apps > Safari > Extensions > 1Password.
- Turn off Allow Extension.
After that, navigate to the website and select the Login item or key icon 🔑 above the keyboard to Autofill from the 1Password app.
Let me know how that goes.
-Evon
0 -
Oh dear, I spoke too soon. As it turns out, turning off the extension will turn off the extension for ALL devices that are logged in to the same iCloud account. So when I disable the 1Password extension on my iOS device, the Safari extension on my Macs also become disabled (and vice versa).
So this is still a kludgey "workaround" (albeit admittedly so far the simplest workaround) until either OPNsense, USAA et. al., all start redesigning their login forms to have dedicated OTP fields (don't hold your breath), or 1Password adds a custom "dynamic field" option, as mentioned earlier in the thread.
0 -
When turning off the 1Password extension on your iOS device, is there an option at the bottom of the window to Share across devices?
Turning off 1Password for Safari was a temporary step to check if you can autofill from the 1Password app instead. You can re-enable the 1Password extension in Safari and continue to use the Autofill from the app by selecting your item from above the keyboard.
On another note, if you'd like to turn off the Autosubmit specifically for your OPNsense Login item, here are the steps:
- Open Safari.
- Tap the extensions icon in Safari's address bar and select 1Password.
- Tap your Login item.
- Tap the three dots and select Don't sign in automatically.
Here's a screenshot for reference:
Let me know how that goes.
-Evon
0 -
Just checking in: How close are we to a checkbox / setting that appends the OTP to the password? Is this item on a development map of does it just live in this forum? Do we ever hear back from the product team?
0
