TOTP feature for the two-stage login sites

Hi,
Back two months ago at the announcement of TOTP feature I remember seeing some mention that this can as well be used for the two-stage login. I still can not find a way to do this on the latest 1P

«1

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @mzel: Yes! I'm glad you asked. I'll be happy to walk you through setting up TOTP for 1Password. We're in the process of getting our brand new knowledgebase completed, and we definitely need to put a new guide there for this as well.

    I'll just use Google as an example because it is not only A a common login to have, but also B pretty confusing to set up. After this, you should be able to do just about anything! ;)

    1. Log into your Account settings (for Google, this will be at https://myaccount.google.com)
    2. Go to 2-Step Verification -- this is where it can get a little tricky
    3. Authenticate using your phone if needed
    4. Turn on 2-Step and Switch to app (it will make you choose a device, but any will suffice)
    5. When you're given the QR code, click Can't scan the barcode?
    6. Copy the secret key to the clipboard (here's where 1Password comes in...)
    7. Open 1Password and edit the appropriate login item (Google, in this case)
    8. Add Section and name it "TOTP"
    9. Add a new field and choose "One-time Password" as the type
    10. Paste the secret key into it and save your changes
    11. You'll be greeted with a steadily-disappearing pie, which indicates the time before the code expires (don't worry though, there's a little wiggle room here)
    12. Enter your new TOTP code on the Google page and click "Verify and Save" and you'll be set to use the TOTP with your Google account anywhere it's supported

    I hope this helps. Be sure to let me know if you have any questions, and enjoy these fun visual aids. :)


  • MikeT
    edited April 2015

    Also, this isn't the final implementation of our TOTP, we are going to simplify the overall process of adding and using TOTP in 1Password.

  • Vic
    Vic
    Community Member

    Can I do this without using a text on a cellphone? I'm not on a cellphone plan, although I do have a phone on wifi.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2015

    @Vic: I'm not sure exactly what you mean.

    In many cases authentication providers (such as Google) offer an option to send codes via SMS. But 1Password and AgileBits are not providing this service; 1Password supports the TOTP standard to generate the codes but AgileBits is not doing the authentication for these.

    You'd have to check with the authentication service you're using to see if they only offer SMS. I hope this helps! :)

  • svondutch
    svondutch
    1Password Alumni

    Can I do this without using a text on a cellphone?

    @Vic Yes. TOTP is the alternative 2FA method (alternative to the text message you receive on your cellphone).

  • Vic
    Vic
    Community Member

    OK. (I'm doing this again as I got confused the first time around) I copied the code from Google and went to 1Password and looked for the place in my google Login entry to create a new section to be named TOTP as in the instructions above. I can't find anything that allows me to create this new section, let alone to enter a One Time Password. Lots of "edit"s and "add"s, but clicking them does not bring up an Add Section button.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2015

    @Vic: Sorry for the confusion. It isn't you: we've made changes to 1Password for Windows to streamline the process a bit since this discussion began. Thanks for reminding me! Rather than retconning my earlier post to be accurate, I'll just post the updated instructions here:

    1. Log into your Account settings (for Google, this will be at https://myaccount.google.com)
    2. Go to 2-Step Verification – this is where it can get a little tricky
    3. Authenticate using your phone if needed (Google will send you a code via SMS or automated voice call)
    4. Turn on 2-Step and click Switch to app (it will make you choose a device, but any will suffice since you'll actually be setting up 1Password as your authenticator)
    5. When you're given the QR code, click Can't scan the barcode?
    6. Copy the secret key to the clipboard (here's where 1Password comes in...)
    7. Open 1Password and Edit the appropriate login item (Google, in this case)
    8. Click the Add button in the lower left corner
    9. Choose "One-time Password" from the dropdown menu
    10. Paste the secret key into it and save your changes
    11. You'll be greeted with a steadily-disappearing pie, which indicates the time before the code expires (don't worry though, there's a little wiggle room here)
    12. Enter your new TOTP code on the Google page and click "Verify and Save" and you'll be set to use the TOTP with your Google account anywhere it's supported

    Steps 8-10:

    And these instructions should also be available in our knowledgebase shortly. Thanks again for bringing this up! :)

  • Vic
    Vic
    Community Member

    @brenty Thanks for the update. Unfortunately, on my screen, with Logins chosen on the upper left section and with accounts.google.com chosen in the upper right section, clicking the +Add button in the lower left succeeds only in adding a "New Folder" entry to the panel immediately above it (All, Unassigned, Trash). I don't get any drop-down panel from which to make any choices.

  • Vic
    Vic
    Community Member

    @brenty Further to my last comment, I notice that I don't seem to have the same entry screen that you show in your screen capture. I updated my app not long ago, but part of my problem seems to be that I am working with obsolete screens. Any suggestions?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2015

    @Vic: I think this is where we're getting mixed up:

    7 Open 1Password and edit the appropriate login item (Google, in this case)

    It sounds like you're clicking the + Add button in the main 1Password window. You'll need to double-click your login item (or click Edit) to get to edit the details as pictured above. Sorry for the confusion. I hope this helps! :)

  • Vic
    Vic
    Community Member

    @brenty Nope, my comments still apply, and I checked, my windows app is up to date. When I edit the entry, the screen entitled Login offers the + Add button at the lower left. When activated, it takes me to an entry screen entitled "Login Field," nothing else, no drop-down panel of options, only this dead end where I can only add another field to the panel directly above the button on the Login window with headings Name, Value, Type, Designation. Dead end. Frustration.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Vic: Can you tell me which version of 1Password you're using and perhaps attach a screenshot (be sure not to reveal any sensitive information though!) of what you're seeing? :dizzy:

  • AGAlumB
    AGAlumB
    1Password Alumni

    Logins chosen on the upper left section and with accounts.google.com chosen in the upper right section, clicking the +Add button in the lower left succeeds only in adding a "New Folder" entry

  • Vic
    Vic
    Community Member

    @brenty Here is what I get when I follow the instructions: (attached screen shot) As you can see when I click the edit button (lower right, as your red arrow) all I can get is this Login window which doesn't allow me to create a TOTP entry.

  • svondutch
    svondutch
    1Password Alumni

    @Vic Your version of 1Password is super old and does not support one-time passwords. You can download our latest beta version here. Thanks!

  • Vic
    Vic
    Community Member

    @svondutch I thought so, but that's all I could get from your website. I downloaded the latest offering and was assured that I was up to date. Maybe someone ought to check that.

  • Vic
    Vic
    Community Member

    @brenty OK. I've uninstalled and reinstalled 1Password with the latest Beta. I've successfully arrived at the 12th and final step in the instructions. Again I've drawn a blank. Which Google page are you referring to and where is "Verify and Save" to be found. Sorry this has proven so drawn out.

  • Hi @Vic,

    I thought so, but that's all I could get from your website

    Strange, I checked our page, it's only offering 1Password 4 on the downloads page here: http://agilebits.com/downloads and it's been the same for several months.

    Did you download it elsewhere? If yes, can you tell us where and we can fix it to make sure it is pointing to the latest version.

    I downloaded the latest offering and was assured that I was up to date. Maybe someone ought to check that.

    For 1Password 1.x customers, the auto-update will always check for updates for that specific major 1.x version, it will not check for 4.x updates. This is intentional and 4.x version series is a separate download.

    Which Google page are you referring to and where is "Verify and Save" to be found. Sorry this has proven so drawn out.

    This is the same Google page where it gave you the secret for you to enter, it's a way to make sure the secret it gives you is the correct one. Here's the screenshot:

  • Vic
    Vic
    Community Member

    @MikeT What happened is that my 1P 4 downloads didn't uninstall older installs and I guess the check for auto-updates got confused. Anyway I uninstalled everything and then reinstalled the latest beta. That fixed that problem. My last question involved where on the google page to enter the code. In my time on the google site, I haven't encountered the Authenticator or the barcode scanner. I got my code from the reinstalled app and device page. Maybe I should try to find the Authenticator?

  • Vic
    Vic
    Community Member

    @MikeT Also I notice that your page is for Android. I'm on Windows 7. Does that make a difference?

  • Vic
    Vic
    Community Member

    @MikeT Also I got my 6 digit code from an automated call (voice) to my home phone, since I'm not on a text-enabled plan. It seemed to work alright and entered OK onto the 1P page.

  • MikeT
    edited May 2015

    Hi @Vic,

    What happened is that my 1P 4 downloads didn't uninstall older installs and I guess the check for auto-updates got confused.

    1Password 4 won't uninstall 1Password 1.x for sure, you have to do that manually. This is to make sure your upgrade to 1Password 4 goes smoothly and you can uninstall the previous version after 1Password 4 is working fine. However, the auto-updater itself checks for its specific versions.

    My last question involved where on the google page to enter the code. In my time on the google site, I haven't encountered the Authenticator or the barcode scanner. I got my code from the reinstalled app and device page. Maybe I should try to find the Authenticator?

    The red box that I laid on the screenshot is where you enter the code, you get the code from 1Password after you save the secret in step 10. You should see something like this in 1Password when you saved the login:

    That's the code you copy and enter it into the Verify and Save box on Google's web page.

    1Password is your authenticator, you don't need to install anything else, you just need a web browser and 1Password.

    Also I notice that your page is for Android. I'm on Windows 7. Does that make a difference?

    The page goes to our downloads page that shows all of 1Password versions, including Windows. Where you access the page from should not matter, it is the same web page on all platforms.

    Can you take a screenshot of what you're seeing and upload it here?

  • wkleem
    wkleem
    Community Member

    Something else to consider which is whether TOTP/2FA spans devices. Can my iPad continue from where my IPhone left it if I hadn't brought along my iPhone and/or other supported smartphone with me.

    Google can authenticate to multiple devices but it's off by default.

    If you've already set up your Google Authenticator for a single device then you will need to delete and set it up again.

  • MikeT
    edited May 2015

    Hi @wkleem,

    I think that's the app password restriction, not the two step verification codes. Google has extra restrictions in place to prevent the app password from being used again after that specific password has been used to authenticate an app. This is not the same as the two-step verification process.

    Two step verification does not restrict you to any devices, you just need to have an authenticator with the secret stored. In this case, 1Password is your authenticator and any devices you're syncing with 1Password will be able to generate the codes for you. This means you can use 1Password on Mac, PC, iOS and other platforms we have.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Also I notice that your page is for Android. I'm on Windows 7. Does that make a difference?

    @Vic: I just wanted to clarify this since it's kind of confusing. Google gives you a few options when setting up (step 4 above):

    Turn on 2-Step and click Switch to app (it will make you choose a device, but any will suffice since you'll actually be setting up 1Password as your authenticator)

    You'll get the same code no matter which one you choose, and all will work with 1Password. The only significance of this step is that Google will give you specific instructions to set up their authenticator on that particular device. This is why the screenshot MikeT posted shows Android (my original illustration showed iPhone).

    The instructions for installing and setting up Google's app can be ignored, since you're going to be using 1Password anyway. :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @svondutch I thought so, but that's all I could get from your website. I downloaded the latest offering and was assured that I was up to date. Maybe someone ought to check that.

    @Vic: Are you certain you're not using Windows Vista? 1Password 4 for Windows officially requires Windows 7, so I wonder if the website is giving a different download link if you're using an older version. Also, which web browser are you using? This is what I get when I go to download 1Password on Windows 7 with Internet Explorer 11:

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2015

    Something else to consider which is whether TOTP/2FA spans devices. Can my iPad continue from where my IPhone left it if I hadn't brought along my iPhone and/or other supported smartphone with me.
    Google can authenticate to multiple devices but it's off by default.
    If you've already set up your Google Authenticator for a single device then you will need to delete and set it up again.

    @wkleem: For our purposes, 1Password is the 'device'. You're entering the TOTP secret into 1Password, and it uses this to generate the code algorithmically based on time. If you have multiple devices syncing this information, you can see the exact same code on all of them simultaneously. I find this strangely hypnotic. :)

  • Vic
    Vic
    Community Member

    @brenty etc:Here is what I am doing and then my question.

    This is where I am back in my google account. WHERE do I go in that account to enter that you refer to in step 12?

  • Vic
    Vic
    Community Member

    @brenty etc: To clarify, I copied the code after the "One Time Password" and the rotating clock icon in my fifth screen and in my final screen I looking for a place to enter it as directed.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Vic: It appears that you're getting off-track at step 2. So from your first screenshot on in your previous post you've taken a bit of a detour that won't get you where you need to be. You need to go to 2-Step Verification at https://myaccount.google.com instead of App Passwords:

This discussion has been closed.