Accounts where TOTP code should be appended (or prepended) to the password

2»

Comments

  • @motivio

    I don't have any updates to share but I can share your request for this feature with the team. Are you able to provide examples of websites that you've encountered that require the password + TOTP to be entered into one field? 🙂

    -Dave

  • knuggy14
    knuggy14
    Community Member

    The opnsense administration web ui can be configured to require TOTP in the form of either TOTP + password or password + TOTP (Opnsense is an internally hosted router). One could manually assemble TOTP + password, but due to the ease with which 1password's "Save login" could overwrite my password with the recently entered TOTP + password combo, I'm forced to not use 1password for this site.

    Please include my vote for this TOTP + password feature

  • ag_tommy
    edited June 4

    I've added you as a requester @knuggy14

    ref: PB-40343498

  • legowerewolf
    legowerewolf
    Community Member

    Add me on this?

    USAA, when configured with the "CyberCode Token" log-on method, takes a 4-digit static PIN + 6-digit TOTP token.

  • david.m_1P
    edited July 4

    @legowerewolf!

    Thanks for sharing those details! I've submitted your request to the Product team.

    -David

    ref: PB-40789636

  • Arno Gramatke
    Arno Gramatke
    Community Member

    +1

    This is even more important since Auto Fill again automatically submits username and password. For every website, where OTP is pre/appended I have to manually copy and paste username, password and OTP. Before the recent change in behavior, I would only have to copy and paste the OTP.

    Can you please, please, please implement this?

  • @Arno Gramatke,

    Thank you for the report! Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?

    -Evon

    ref: pb-40960303

  • Arno Gramatke
    Arno Gramatke
    Community Member

    Yes, the OPNsense login. We are working with a lot of these appliances and policy demands using 2FA.

    https://docs.opnsense.org/manual/how-tos/two_factor.html#step-7-using-the-token

  • Arno Gramatke
    Arno Gramatke
    Community Member

    @EvonG1P It looks like a lot of people need this. And this request has been made in the forums for quite some time. What is the reason that this still has not been implemented? It would make my life a lot easier. ;-)

  • @Arno Gramatke

    Thank you for providing that example. I've passed it, and your request, along to the team internally.

    Which features are implemented (and when) depends on a variety of factors that include: consideration for our existing product roadmap and planned features, urgent bug fixes that need to be prioritized over feature requests, available development resources, other customer feedback, and more.

    -Dave

    ref: dev/core/core#28432
    ref: PB-40969463

  • DenalB
    DenalB
    Community Member

    @EvonG1P

    Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?

    https://1password.community/discussion/106003/special-2fa-on-mailbox-org
    https://1password.community/discussion/117820/paste-totp-code-directly-behind-my-password

    In short:
    https://login.mailbox.org/en

    The password field has to be filled with a 4 digits code (password) followed by the latest TOTP code.

  • @DenalB,

    Thank you for providing the examples. 🙂

    -Evon

  • btr
    btr
    Community Member

    @EvonG1P

    Thank you for the report! Can you provide examples of websites you've encountered that require a
    one-time password to be entered with a password into one field?

    -Evon

    Just to add another example, we use pfSense for our VPN, which requires TOTP + PIN.
    https://www.netgate.com/blog/freeradius-on-pfsense-for-2fa

  • @btr

    Thank you for the example! So that the team can look into this further, could you please send the page structure of the webpage in question to our support team? Follow these steps:

    1. Open the website in question until you can see the password/PIN field that you're referring to.
    2. Right-click on the page and click "1Password - Password Manager" > Help > Collect Page Structure.

    Attach the resulting JSON file to an email message addressed to support+forum@1password.com.

    With your email please include:

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!

    -Dave

  • btr
    btr
    Community Member

    Hi @Dave_1P

    I use the standalone OpenVPN Connect client for Windows to connect to our VPN, so I need to manually copy/paste the TOTP value from 1Password.

    Taking my hand off the mouse to type the PIN before pasting the TOTP each time is the annoying part.

  • Dave_1P
    edited August 21

    @btr

    Thank you for the clarification. I've passed your use case along to the team. 🙂

    -Dave

    ref: PB-41768991

  • zcutlip
    zcutlip
    Community Member

    Hi, it's been a while since I checked in on this thread (I'm the original poster for this one).

    I'm seeing requests for examples, so I'll go ahead and mention again the website that brought me here to start with: etrade.com.

    The Etrade login dialogue has an optional checkbox for to reveal a third entry field for the security code. However this doesn't help the case where you forget you've got a 2FA code on this site, or you're using 1Password to auto-fill the login.

    See attached screenshot.

    I'll also second (third?) the OpnSense firewall (and I suspect PFSense as well?).

    Etrade login dialogue

  • Bhellx
    Bhellx
    Community Member

    I just ran into this while attempting to add MFA to our Sophos VPN. It wants it appended to the password, so please consider adding this feature. Any reason a user has to NOT use our password manager works against our user adoption efforts. We are very pleased with 1password and your efforts to make improvements.

  • Dave_1P
    edited October 7

    @Bhellx and @zcutlip

    Thank you for those examples! I've passed them, and your feature requests, along to the team. 🙂

    -Dave

    ref: PB-43137491
    ref: PB-43137543

  • ckwebz
    ckwebz
    Community Member

    My team would be a +7 looking for this feature to be implemented in all 1Password apps. The "dynamic password" mockup proposed by @melorama looks perfect! We would use this for login to Sophos firewall portals and when using the VPN app. Password is a concatenation of our network password plus the one-time password (ie. Password123456). Currently we need to juggle the app to copy/paste multiple values before the OTP expires.

    • Dave
  • @ckwebz

    Thank you for the feedback! I've filed your request with our product team. 🙂

    -Dave

    ref: PB-43597300

  • melorama
    melorama
    Community Member

    Just bumping this request again, as I just realized how much worse this is when trying to login to my OPNsense router while using a mobile device! It’s only a minor annoyance on a desktop computer, where you can quickly switch between apps (or by using a macro based system with the CLI tool, as I mentioned earlier in this thread). But on mobile it’s next to impossible!

  • @melorama, Thank you for bumping the thread. I'm sorry you're experiencing difficulties filling in your Login for OPNsense on your mobile device. I've shared your comment with our product team.

    If you're using iOS or Android, when you utilize the autofill feature from the 1Password app, the one-time password will be automatically copied to your clipboard as long as Copy One-Time Passwords is toggled on in the app settings. After that, you can paste the code before or after the auto-filled password. Are you experiencing different behaviour?

    -Evon