Improvement for 2FA/TOTP Password handling
Hi guys,
With now nearly every major site supporting 2FA authentication the handling in 1Password is still manual and leaves a bit to desire.
Wouldn't it be about time to consider an improvement in this area?
Link to the original (closed) thread: https://discussions.agilebits.com/discussion/50413/can-we-have-a-keyboard-shortcut-to-fill-in-totps
Thanks for considering it,
-b
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@binaranomaly: It's always something we're considering. I'm not sure I'd agree on the "nearly every major site" point. That's pretty subjective. But if you take into account how difficult it is to get 1Password to fill passwords on some sites, you can imagine that having it know how to deal with TOTP codes as well in every varied case adds another degree of complexity. For now, we're adding automatic copy of TOTP codes to make things a bit easier, and we'll continue to investigate other options as well. Cheers! :)
0 -
@brenty: Of course "nearly every major site" is pretty subjective but maybe let's just agree on the fact that there are definitely more and more sites supporting TOTP and that the general trend is more towards TOTP (or stronger) than away from it if security matters?
Automatic copy would already be a welcome first improvement.
On the other hand, in most cases there is "just" a second screen appearing with 1 form input field in in I would guess > 80% of the cases? Why not just allow the "fill login" shortcut to populate this field with the TOTP after login/pw has been filled?
Ever thought about proposing a w3c/rfc standard to make things simpler?
Happy new year :)
0 -
Of course "nearly every major site" is pretty subjective but maybe let's just agree on the fact that there are definitely more and more sites supporting TOTP and that the general trend is more towards TOTP (or stronger) than away from it if security matters?
@binaranomaly: Yes! Finally! :)
Automatic copy would already be a welcome first improvement.
Glad to hear it! Looking forward to having that on all platforms. :sunglasses:
On the other hand, in most cases there is "just" a second screen appearing with 1 form input field in in I would guess > 80% of the cases? Why not just allow the "fill login" shortcut to populate this field with the TOTP after login/pw has been filled?
Hmm. Well, this gets us into a bit of a philosophical debate. We believe pretty strongly that 1Password shouldn't do anything without user intervention, so on the second page you'd still need to trigger it to fill. That right there makes it seem less useful. You're right about the second page thing, but often these aren't a true second page, but another form/field that appears after the username and/or password is entered. That's where things get complicated. It's something we're motivated for ourselves though, since, as you can imagine, we have out fair share of TOTP logins too. ;)
Ever thought about proposing a w3c/rfc standard to make things simpler?
Yes. Unfortunately there are well established login form standards in general, and we know how that's turned out. :lol:
Happy new year :)
Happy new year to you as well! Let's make it a great one! :chuffed:
0 -
We believe pretty strongly that 1Password shouldn't do anything without user intervention, so on the second page you'd still need to trigger it to fill.
Totally agree there. Why not just let the user hit the shortcut to "fill login" (again) or introduce a dedicated shortcut for TOTP filling? (Sidenote: If I hit the "fill login" shortcut again, today it often fills in the login name into the TOTP field ;) )
0 -
Hello @binaranomaly,
Hopefully there are a few possibilities, ways in which we can make this better in the future. Sadly we can't talk about any form of ETA or what might happen until it's in a beta and everybody can see it but we do understand it's something people would like to see and we'd benefit from it ourselves too as 1Password users. I'm positive it will happen eventually, it's just a matter of time and I look forward to when it doesn't have to be discussed in these general terms.
0 -
@littlebobbytables Thanks for your feedback. I'm glad it's on the radar. I'm looking forward too see it solved in 2017 eventually ;)
0 -
:+1:
0 -
+1 or whatever vote of interest applies.
The 2FA in browsers and mobile is very annoying as having to open the full 1Password application to pull the TOTP code is troublesome. Even if it was easily view-able from the extension on the desktop would be a step in the right direction. I don't mind if it isn't auto-matic but accessing the token should require a lot less friction than current state.
0 -
Thanks for your vote, @nullstream!
0