Trying to understand how and when the One-Time Password feature is used...

The18thLetter
The18thLetter
Community Member
edited February 2015 in iOS

I'm totally ignorant on this and am still trying to wrap my head around how this feature works and whether or not it makes any difference in my day to day usage of 1Password on my Mac, iPhone, and iPad. I've read the guides on how to implement these features and followed them, but something doesn't add up for me...

Using my Dropbox account as an example, I have 2-Factor Authentication turned on. When I attempt to log in to the Dropbox website, I'm greeted with a request to enter the 6-digit code that was sent to me via text message to my iPhone. I enter that code, and I'm in. Simple enough.

With this One-Time Password feature, does this replace the 6-digit code? (I assume not, since I tried to login this way and it did not work.)

Thanks for any direction anyone can provide.

Comments

  • ag_kevin
    ag_kevin

    Hello @The18thLetter ,

    One-time passwords in 1Password would be used instead of SMS sending. Basically, when you go in to set up two step authentication in Dropbox, instead of giving it a mobile phone number to send the code to, you can choose to scan a code to generate one-time passwords. It'll show you a URL and QR code. You then scan that with your iPhone or iPad (or enter the URL), and save it in 1Password. Then when logging into Dropbox, 1Password can display (and fill in) the username, password, and the current one-time password. The one time password changes every 30 seconds, and is generated based on the code you first scanned when you set it up.

    The upside to this is that you can use this when your phone is not nearby (e.g. you are using your iPad and left your phone in another room), or doesn't have signal. But if you are happy with receiving codes via SMS, then you don't need to use a one-time password.

    Note that the Mac version doesn't yet support one time passwords but the feature is coming very soon.

    I hope I've explained it properly. Feel free to reply if you have further questions.

  • The18thLetter
    The18thLetter
    Community Member

    Hey @hayesk ,

    Thanks for the help. I think I got it.

    This seems to be something that can be very useful when you travel abroad and may not have access to your regular phone number and can't receive regular SMS's; I use iMessage when I travel abroad since pretty much everyone I know has an iPhone, but I have to disable 2FA for my services while I travel since they don't work with iMessage without a phone number.

    In that scenario, I imagine I could use this feature instead of having to disable 2FA, right? I was researching the use of an app like Authy to replace SMS for 2FA while I travel abroad, but I guess the One-Time Password feature would replace that as well, correct?

    Thanks again for any more help you can provide.

  • Ben
    Ben

    Authy and the 1Password TOTP feature serve the same purpose, yes.

    Thanks!

  • three-cushion
    three-cushion
    Community Member

    As I suspected in an earlier post...2Step authentication depends on a different verify path via a separate device. I don't think much of this verification. It just sells more devices! Bummer.
    There are better approaches. Even what I call a 2nd level authentication is better...and requires only one device. Many, many sites require this simpler mode...I'm glad that they do. I Still have not found a web site that REQUIRES 2Step verify. Hope than none will.....Jim b

  • Megan
    Megan
    1Password Alumni

    Hi Jim ( @three-cushion ),

    Adding an extra stage to the verification process can increase your security, but if you're already using strong and unique passwords for each site that you visit, then you're in a pretty good position. :)

    To learn more about our new TOTP feature, have a read through our security guru's blog post: TOTP for 1Password Users. It's pretty informative!

This discussion has been closed.