Help with Using One Time Password

Matt Boettger
Matt Boettger
Community Member

I'm clearly really ignorant here but how do I use one-time password. If I sign in to my evernote or dropbox, it provides me with its own number. How does this method integrate into the one-time password for ios? It looks like it creates its own. Also, I don't see this function on the mac version so I feel like I'm really not understanding this. Any help would be GREAT!

Comments

  • [Deleted User]
    [Deleted User]
    Community Member
    edited January 2015

    I’ve just set it up for Dropbox. You have two options: you can enter a predefined ‘secret’ manually or you can scan it per QR code. This secret is the basis for the generated code, so that the service can replicate and verify it. Dropbox requires a more sophisticated secret, so you have to do this with a QR code. For that you have to go to your account settings on dropbox.com, where the service gives you the details (and the QR code). I think Evernote would work in the same way, you need to set it up under account security settings on evernote.com.

    1Password for Mac doesn’t seem to support this new feature yet. My Dropbox entry only shows an URL to me, it doesn’t generate any codes.

  • iMacFeegle
    iMacFeegle
    Community Member

    I'm trying to set this up but I have a question: I already have 2FA enabled for several services through the Google Authenticator (GA) app. If I want to use 1P for 2FA, that would mean changing the settings in each service, correct? Meaning that it's either one or the other, i.e. I can use either 1P for 2FA, or GA, but not both, correct?

  • @Eitot‌ is correct. :)

    @iMacFeegle‌ I've only used the feature with Google Apps but for that it was a choice of one or the other (Google Authenticator app or 1Password) -- it would not allow me to set up both.

    I found the QR code scanner to be the easiest method of setting this up.

  • [Deleted User]
    [Deleted User]
    Community Member

    @iMacFeegle‌: it depends. If the service uses the same ‘secret’ for generating the code and you can copy it then it might work. However, I would not recommend it. I suggest decoupling or replacing your 2FA manually, service by service if you want to switch to 1Password. Just to be on the safe side. :)

  • oskilo
    oskilo
    Community Member
    edited January 2015

    Is there a plan to add this feature to the Mac version of 1password and if I edit my password in the mac version after I've updated it to provide a one time password, will it be overwritten/removed?

  • David Hansen
    David Hansen
    Community Member

    So am I correct in understanding that this functionality replaces the Google Authenticator or Authy app rather than generating an application specific password? Because that's what comes to mind when the term "One-Time Password" is used is an application specific app.

  • thightower
    thightower
    Community Member
    edited January 2015

    @bwoodruff‌

    @iMacFeegle‌

    You can have both Google authenticator and 1Password setup to provide the same code at the same time. This is useful if a husband and a wife share an account at Dropbox for example. You can have other apps I use Duo Security for a lot of my OTP. It is not just limited to the 2 in my opening sentence.

    What you do is when setting up the 2 Factor Authentication take a screen shot of the QR code. Saving it temporarily.

    • I do not recommend doing this on iOS as it can be uploaded to the cloud and if using a Mac turn off any screenshot upload services before taking the screenshot. Or they can be uploaded from the Mac as well.

    Step A.

    1. Proceed with the enrollment process as you normally would using the on screen QR code.
    2. Make sure to take a screenshot of the QR code.
    3. Complete the setup and get your account secured. Thats the most important thing.

    Step B.

    1. On your second device and or second app open the screenshot you saved then scan the QR code from that screen shot.
    2. The second device will be identical to the first and you will be able to gain OTP from either app or different devices.
    • I currently have it setup and functioning in 1Password and Google Authenticator.

    • When you are done with the screenshot place it in the trash and securely empty it.

    edited for clarity, & brevity. Removed a portion about saving QR codes after reading several opinions, which got me to thinking more. Thats a good thing. I may return the portions about the saving, after giving it more thought.

  • thightower
    thightower
    Community Member
    edited January 2015

    Original post was about saving QR code, With syncing of the 1Password keychains and clients for a myriad of OS's and the future enhancement of OTP syncing. I removed the portion about saving code for long term use.

    Almost anyone can download a copy of 1Password on any machine and be able to access your QR codes in an emergency situation. So saving the code is not necessary and may decrease your overall security.

    Edited

  • prime
    prime
    Community Member

    This was pretty interesting. Now I can see how people can be confused because I know it as "2 step verification" and one time password did throw me off.

    Now I really like this set up, 1 less app, and I'm able to share this with my wife very easily. So now I can see this being an issue too for people who don't think before switching devices (get a new phone or whatever).

    I'll use this as an example; I use Dropbox for syncing, and let's say I get a new iPhone. I get my iPhone, download 1Password and open the app. I can pick "sync to current vault" (or something like that), so I pick Dropbox. Now I can't get into Dropbox because I need the one time password to get in, but my one time password is in my 1Password that now can't sync to Dropbox.... See how this can be a problem for people who don't think ahead? Or am I thinking too much into this?

    This wouldn't be an issue for me because of this awesome set up, have a total of 4 devices that have access to the one time password for the Dropbox that I use for syncing.

  • Now I can't get into Dropbox because I need the one time password to get in, but my one time password is in my 1Password that now can't sync to Dropbox.... See how this can be a problem for people who don't think ahead? Or am I thinking too much into this?

    Most services (I believe Dropbox is included) will send you a OTP via SMS in that case.

    This wouldn't be an issue for me because of this awesome set up, have a total of 4 devices that have access to the one time password for the Dropbox that I use for syncing.

    And this is another great solution. :)

  • prime
    prime
    Community Member

    @bwoodruff if you have Dropbox set up to an authenticator app, that code from the app will only work to get in with this situation. Getting the code sent though the phone (via sms) will not work (I have tried this once because helping a friend who switched phones and was trying to get I to the Dropbox app on his iPhone) because that is a back up at that point to get on Dropbox.com. I could be wrong and when I was helping my friend, maybe we did something wrong. Maybe @thightower can confirm this?

    I just wanted to give you guys a heads up, because it will probably happen hahahaha.

  • thightower
    thightower
    Community Member

    @prime

    Can you explain the question evidently I am missing the gist. I tried to touch on a few topics but may have missed your point. I apologize as I have been on the telephone and TeamViewer with an older friend helping him update several of his Macs for the last hour.

    I currently have my Dropbox on SMS to prevent some of the issues you guys mention. You will not be able to get it sent onetime over SMS unless its new and I missed it. I have to admit I have not looked at those options in a long time. I prefer to keep Dropbox on SMS rather than an OTP. So if I loose my Google Authenticator settings I can still access my Dropbox. If I change phones as long as I keep the same number I can still gain access because of the SMS.

    You can always open the Mac app to access the Dropbox website. I am honestly not a big iOS Dropbox user. :( I am an old die hard and prefer my Mac.

    If you loose the authenticator device the only way to gain access to Dropbox is through the RECOVERY code. That code should be stored in the 1Password emergency kit, along with your iCloud RECOVERY key.

  • prime
    prime
    Community Member

    @thightower
    I go get a new iPhone and I download the important stuff 1st, including 1Password. Now I use the On Time Password in 1Password for Dropbox, so when I open 1Password for the 1st time on my new iPhone, it's going to ask me if I want to sync to an existing vault. I will put in my log in and my password for dropbox, then it asks me for the One Time Password. See the issue?

    When you try to sync to an existing vault in 1Password, you're going to need that One Time Password that is in the 1Password that you can't get into...

    Dropbox lets you put your cell number as a back up, and you'll get an SMS for that. The issue is with this, when you sync 1Password to Dropbox and you don't have access to the One Time Password, it will not let you pick another option (like using the SMS back up). Even if you got the back up (SMS sent to you cell phone) that will not work because that number isn't the same number when using a One Time Password/Authenticator App.

    Are you seeing what I am saying?

    You almost need a warning or something to tell people of this, like turn off 2 step verification while you're setting up your new iPhone/iPad, or whatever.

    This s one of my weaknesses, trying to put what's in my head on paper. I hope you understand what I am trying to say.

  • ag_kevin
    edited February 2015

    @thightower that is correct - you may nee to turn off 2SA when setting up a new phone. DropBox has an article on this predicament too: https://www.dropbox.com/en/help/364

    You may need the emergency code that was provided when setting up 2SA on DropBox.

    Yes, a warning may be a good idea. I'll pass that along.

This discussion has been closed.