1Password on Mastodon

HOTP Support


Team Member
This discussion was created from comments split from: Importing 2FA from Google Authenticator.


  • vadyvady
    Community Member
    edited February 17

    a vote for HOTP (Duo Mobile 2FA) support

  • Dave_1PDave_1P

    Team Member

    Hello @vady! 👋

    Thank you for the suggestion! Can you clarify if you're looking to use DUO as a second factor for your 1Password account or if you'd like to store HOTP-based one-time passwords for other services in 1Password?

    I look forward to hearing from you.


  • vadyvady
    Community Member

    Hi @Dave_1P,
    Thank you for your interest. Answering your question, this is more likely the second, namely, I would like to see support for HOTP - Hash -based One-Time Password in 1Password to pass Cisco Duo Passcodes.
    To say the truth, I already got out. I'm using Duo HOTP Python3 lib for that. In part, I also refer to the article by Shreyas Minocha
    So by the help 1Password CLI i get password for VPN client and HOTP duo passcode with duo-hotp lib.

    !/usr/bin/env bash
    get_pw () {
        /usr/local/bin/op read op://Private/'id'/password
    get_pw_keychain () {
        security 2>&1 >/dev/null find-generic-password -ga domain-tld-vpn \
        |ruby -e 'print $1 if STDIN.gets =~ /^password: "(.*)"$/'
    get_passcode () {
        /usr/bin/python3 ~/duo.py next -s ~/.duo-hotp
    if [[ ! -z "$PASSWORD" ]] && [[ "{$(/opt/cisco/anyconnect/bin/vpn status)[0]}" == *"Disconnected"* ]]; then
        killall -kill "Cisco AnyConnect Secure Mobility Client" >/dev/null 2>&1
        if [[ -z "$PASSCODE" ]]; then
            echo "Error getting DUO HOTP Passcode!"
            exit 1
        /usr/bin/expect -f - <<EOD
    set timeout 10
    spawn /opt/cisco/anyconnect/bin/vpn connect $ADDR
    send -- "5\r"
    expect "\r\nUsername:*" {send -- "$USER\r"}
    expect "Passcode: " {send -- "$PASSWORD,$PASSCODE\r"}
    expect "Connected"
        echo "Seems to be already connected or no credentials were provided!"
        /opt/cisco/anyconnect/bin/vpn state
        /opt/cisco/anyconnect/bin/vpn stats

    Btw, HOTP implemented by Google Authenticator.

    Community Member

    Interesting read!

    Does anyone know about something similar for Ping Identity?


    (I’d love to use 1Password instead of their ugly App…)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file