The 1Password Community forums are in read-only mode from Jan 28th - Feb 4th, 2025. Find out more.

One-time password using PIN and Key

dfankhau
dfankhau
Community Member
in Mac

I have a login that requires a 4-digit PIN and a shared secret of 16 characters. Does 1Password support this type of time-based one-time passwords (TOTP)?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @dfankhau,

    There are a number of TOTP standards out there. We support RFC 6238, the same as Google Authenticator. If the site supports RFC 6238 then it will work in 1Password. Do you happen to know what standard they're using?

  • dfankhau
    dfankhau
    Community Member

    Thanks @littlebobbytables. I did some more research to see what we are using with our application and it is MOTP (Mobile OTP). I found some more information on this at the following links:

    http://motp.sourceforge.net

    http://security.stackexchange.com/questions/12279/mobile-otp-secure

    I found the following info from the second link above...

    "On the client side, the secret is split into two parts: a 64-bit secret which is held inside the device (what you have), and a 4-digit PIN that the user must enter every time (what you know). In this way, MOTP provides two-factor authentication. The device does not know the PIN, it blindly computes the authentication value from the supplied PIN each time.

    A typical MOTP device has a keypad and a screen capable of displaying 6 digits, a processor with very low performance requirements (must be able to compute an MD5 of 20 bytes in the blink of an eye), a clock, and possibly some tamper resistance to protect the secret. There are single-purpose MOTP devices as well as implementations on mobile phones. On a single-purpose device, the device displays a 6-digit authentication code which is valid for a couple of minutes (3 minutes minus the time it takes from computing the authentication code on the client to the verification on the server, plus or minus the consequences of clock drift). On a mobile phone, the authentication code may either be displayed or directly used by the client application."

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @dfankhau,

    Sadly we're not compatible with MOTP. This is different approach to TOTP compared to RFC 6238 and they won't generate they same codes. I'm afraid you will have to look at the use of a different app to support the site in question - sorry.

  • dfankhau
    dfankhau
    Community Member

    @littlebobbytables,

    Thanks for your help and for answering my question. I will use another app. Perhaps in the future, you might think of adding such a capability as I would love to do all of my authentication through 1Password. I've come to depend on it a lot!

  • Drew_AG
    Drew_AG
    1Password Alumni

    On behalf of littlebobbytables, you're very welcome! I don't know much about MOTP and if it's possible to support that in 1Password, but I can certainly let our developers know you'd be interested in that feature. Thanks for letting us know!

    If you have more questions or need anything else, we're here for you. :)

This discussion has been closed.