Accounts where TOTP code should be appended (or prepended) to the password
Comments
-
The opnsense administration web ui can be configured to require TOTP in the form of either TOTP + password or password + TOTP (Opnsense is an internally hosted router). One could manually assemble TOTP + password, but due to the ease with which 1password's "Save login" could overwrite my password with the recently entered TOTP + password combo, I'm forced to not use 1password for this site.
Please include my vote for this TOTP + password feature
1 -
Add me on this?
USAA, when configured with the "CyberCode Token" log-on method, takes a 4-digit static PIN + 6-digit TOTP token.
1 -
Thanks for sharing those details! I've submitted your request to the Product team.
-David
ref: PB-40789636
0 -
+1
This is even more important since Auto Fill again automatically submits username and password. For every website, where OTP is pre/appended I have to manually copy and paste username, password and OTP. Before the recent change in behavior, I would only have to copy and paste the OTP.
Can you please, please, please implement this?
0 -
Thank you for the report! Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?
-Evon
ref: pb-40960303
0 -
Yes, the OPNsense login. We are working with a lot of these appliances and policy demands using 2FA.
https://docs.opnsense.org/manual/how-tos/two_factor.html#step-7-using-the-token
0 -
@EvonG1P It looks like a lot of people need this. And this request has been made in the forums for quite some time. What is the reason that this still has not been implemented? It would make my life a lot easier. ;-)
0 -
Thank you for providing that example. I've passed it, and your request, along to the team internally.
Which features are implemented (and when) depends on a variety of factors that include: consideration for our existing product roadmap and planned features, urgent bug fixes that need to be prioritized over feature requests, available development resources, other customer feedback, and more.
-Dave
ref: dev/core/core#28432
ref: PB-409694630 -
Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?
https://1password.community/discussion/106003/special-2fa-on-mailbox-org
https://1password.community/discussion/117820/paste-totp-code-directly-behind-my-passwordIn short:
https://login.mailbox.org/enThe password field has to be filled with a 4 digits code (password) followed by the latest TOTP code.
0 -
Thank you for the report! Can you provide examples of websites you've encountered that require a
one-time password to be entered with a password into one field?-Evon
Just to add another example, we use pfSense for our VPN, which requires TOTP + PIN.
https://www.netgate.com/blog/freeradius-on-pfsense-for-2fa1 -
Thank you for the example! So that the team can look into this further, could you please send the page structure of the webpage in question to our support team? Follow these steps:
- Open the website in question until you can see the password/PIN field that you're referring to.
- Right-click on the page and click "1Password - Password Manager" > Help > Collect Page Structure.
Attach the resulting JSON file to an email message addressed to
support+forum@1password.com
.With your email please include:
- A link to this thread: https://1password.community/discussion/comment/716339/#Comment_716339
- Your forum username: btr
- Please do not post the file here on the forum.
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!
-Dave
0 -
Hi @Dave_1P
I use the standalone OpenVPN Connect client for Windows to connect to our VPN, so I need to manually copy/paste the TOTP value from 1Password.
Taking my hand off the mouse to type the PIN before pasting the TOTP each time is the annoying part.
0 -
Hi, it's been a while since I checked in on this thread (I'm the original poster for this one).
I'm seeing requests for examples, so I'll go ahead and mention again the website that brought me here to start with: etrade.com.
The Etrade login dialogue has an optional checkbox for to reveal a third entry field for the security code. However this doesn't help the case where you forget you've got a 2FA code on this site, or you're using 1Password to auto-fill the login.
See attached screenshot.
I'll also second (third?) the OpnSense firewall (and I suspect PFSense as well?).
0 -
I just ran into this while attempting to add MFA to our Sophos VPN. It wants it appended to the password, so please consider adding this feature. Any reason a user has to NOT use our password manager works against our user adoption efforts. We are very pleased with 1password and your efforts to make improvements.
1 -
My team would be a +7 looking for this feature to be implemented in all 1Password apps. The "dynamic password" mockup proposed by @melorama looks perfect! We would use this for login to Sophos firewall portals and when using the VPN app. Password is a concatenation of our network password plus the one-time password (ie. Password123456). Currently we need to juggle the app to copy/paste multiple values before the OTP expires.
- Dave
2 -
Just bumping this request again, as I just realized how much worse this is when trying to login to my OPNsense router while using a mobile device! It’s only a minor annoyance on a desktop computer, where you can quickly switch between apps (or by using a macro based system with the CLI tool, as I mentioned earlier in this thread). But on mobile it’s next to impossible!
0 -
@melorama, Thank you for bumping the thread. I'm sorry you're experiencing difficulties filling in your Login for OPNsense on your mobile device. I've shared your comment with our product team.
If you're using iOS or Android, when you utilize the autofill feature from the 1Password app, the one-time password will be automatically copied to your clipboard as long as Copy One-Time Passwords is toggled on in the app settings. After that, you can paste the code before or after the auto-filled password. Are you experiencing different behaviour?
-Evon
0