How does having multiple OTA in one password work?

We have different authentication paths, where I synchronize passwords to avoid having to have multiple password entries for Dev, Stage, Prod for the "same user". This works fine with standard passwords. But as I proceed to enable MFA/OTP, will this work? The app seems to allow me to add multiple OTP to the password... but if I do that, will it be be able to tell which OTP to use based on URL? How?


1Password Version: 8.10.8
Extension Version: 2.11.0
OS Version: Fedora 38 (6.3.8-200.fc38.x86_64)
Browser:_ Fedora 114.0.2 (64-bit)

Comments

  • Hey @btaroli,

    For the best filling experience my recommendation would be to create a separate item for each login.

    You can add multiple OTP's within an item but only the first one (saved beneath the password field) will get automatically filled. The others will be listed beneath and you will need to copy/paste or drag and drop these to the field.

    I hope this helps!

  • btaroli
    btaroli
    Community Member

    Yes, I did see that visual behavior and it's pretty weird! This is especially true with some of the passwords, where I have 15 or 20 URLs in the item, and have to scroll down to see the additional OTP value(s). :D

    This is interesting, because while it can easily support multiple URL related to a single password, the idea that different URL may have different OTP seems not to have been considered. I quesiton whether having the extra OTP might not be the right thing...? Just a thought.

    Indeed, for now, I have split the password items up... but I later learned that the tool we use when resetting the password for these actually does the password sync. So the irony is that by having my items split, I have to remember to go and update multiple 1password entries whenever I actually have to rotate that password (we do it once but it "helps" by keeping them in sync). Yuck.

    But thanks for your response! It at least clarifies the actual behavior.

  • Thank you for getting back to me @btaroli.

    In an ideal world you would have separate passwords for separate URL's but I can see how for your particular use case separating them out into different items makes changing the password a little tricky.

    I'd love to put in a request with our product team to see if we can better handle these types of scenarios. Are you able to provide me with specific examples whereby you have the same password for multiple URL's so I can pass this on? Any detail will provide extra weight to your feedback.

    Thank you!

This discussion has been closed.