Concatenate password strings

ya1pwuser
ya1pwuser
Community Member
in 1Password in the Browser

Hi everyone,
I have a mail provider who has a quite rare method of using 2FA.
Besides the password and the 2FA Code you'll get a PIN. And - if 2FA is set up - you'll have to use the combination of PIN+2FA as a password instead of the password.
Therefore my question: Is there any possibility to "forge" a password string on the fly (as the 2FA is renewed every 30 seconds of course) within 1password and declare that string as "password" to be used?

Greetings

1Password Version: 8.10.0
Extension Version: Not Provided
OS Version: Windows
Browser:_ Not Provided

Comments

  • david.m_1P
    david.m_1P

    Hi @ya1pwuser ,

    Thanks for reaching out!

    Would you be able to confirm which website you're experiencing this issue on and provide us with the URL to test it out if publicly available?

    I look forward to hearing from you!

  • ya1pwuser
    ya1pwuser
    Community Member

    Hi @david.m_1P ,
    it would be https://login.mailbox.org/, the login should be available publicly. However, you need a (paid) account to actually test the 2fa-enabled login.
    If you wanna fake it, you'll need to concatenate a 4-digit PIN and a 6-digit 2FA into the field "login-password-input", numbers only. a simple 10-digit number would not do the trick, as the pair is definitely coming from two different fields in 1pw.

    Greetings

  • Joy_1P
    Joy_1P
    1Password Alumni

    Hey @ya1pwuser, if the website used two different fields to fill this 2fa string, then it may have been possible for 1Password to fill it. Unfortunately, 1Password won't be able to fill the values of two separate fields from your login to one single field on the website. In this case, I would recommend creating separate fields for the 2fa code and pin in your login. To sign in, you can click/drag the values of those fields into the form on the website. That would be the best and easiest way to fill the 2fa string.

  • ya1pwuser
    ya1pwuser
    Community Member

    Heya,
    yeah, would be great if I could change that, but it's not my site, so I have little impact on the design ;)
    I know, it's a very unusual design for a 2FA (even more since they don't allow a strong passwort going along with it ...).
    I was just hoping, 1pw has a similar feature as KeePass has which could handle this easily - and yes, I still like 1pw more over KeePass :P
    I guess it would be best to stick to a high-gigit-count-random password instead of this PIN/2FA thingy they made.
    If there would be any such feature to concatenate strings, I'd be happy to use it (hind as a feature request ;) )
    Thanks for your help

  • Joy_1P
    Joy_1P
    1Password Alumni
    edited March 2023

    @ya1pwuser I've created a feature request for this on your behalf.

    In this case, I would recommend creating separate fields for the 2fa code and pin in your login. To sign in, you can click/drag the values of those fields into the form on the website.

    To clarify, I meant that you can add these fields to your login and then click/drag them to the website. Essentially the login would be set up as follows:

    Username - your username
    Password - keep this blank
    One-time password - set this up via the website, should be dynamic
    Pin - your pin, should be unchanging

    Does that help a bit? Let me know if you have any further questions.

    ref: PB-31413791

This discussion has been closed.