Filling One Time Passwords
So I have a little confession to make here: it's been a really busy month and so the only website that I tested filling of Time-based One Time Passwords (TOTP, aka 2FA, aka those numbers you need to type in when asked) was github.com. It was the first alpha so I thought that was a fine starting point. :)
To make future alphas better I need some help with the other sites out there that support one time passwords. I have a Google account and a Amazon Web Services account, so I'll be fine testing those. There's many more out there, however. If you have a site that won't fill your TOTP when you ask 1Password to, please let me know in this thread. I'll need to see the HTML for the page so please include it (ctrl click on the page and select View Source). If it's for a site that allows people to signup for free, just including the signup URL will be easier for all of us.
Thanks everyone!
Comments
-
Weird...on Amazon Web Services I found we're failing to even generate the one time password, let alone fill it. I'll try to get that fixed up for the second alpha.
0 -
My FastMail account does not seem to have the TOTP filled automatically. Unfortunately, the URL is static. You have to successfully submit the username and password to reach the TOTP prompt.
0 -
PayPal. It's a weird one because of the hoops you have to jump through to set it up in 1Password, but I figure this is the right audience...and we may learn something from the page at least... ;)
<!DOCTYPE html><!--[if lt IE 9]><html lang="en" class="no-js lower-than-ie9"><![endif]--><!--[if lt IE 10]><html lang="en" class="no-js lower-than-ie10"><![endif]--><!--[if !IE]>--><html lang="en" class="no-js"><!--<![endif]--><head><!--Script info: script: node, template: , date: , country: , language: web version: content version: hostname : rZJvnqaaQhLn/nmWT8cSUjOx898qoYZ0LPVVBggesceeki295KWwxo/ppoPbsMcM0X6Eew54WsErlogid : --><!--Script info: script: node, template: , date: Jun 21, 2017 09:53:27 -07:00, country: US, language: en web version: content version: hostname : rZJvnqaaQhLn/nmWT8cSUjOx898qoYZ0LPVVBggesceeki295KWwxo/ppoPbsMcM0X6Eew54WsE rlogid : nMtBIApfvtmcSYyrna436gWmsTOfE8GjxbaxYq%2Bewlj3ZacdGyoeFjIAluVKcI0YoEONLjAZ2ppnRaI7%2FAz7hsTFJ2%2BO44Pg_15ccb92b2c0 --><meta charset="utf-8" /><title></title><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><meta name="application-name" content="PayPal" /><meta name="msapplication-task" content="name=My Account;action-uri=https://www.paypal.com/us/cgi-bin/webscr?cmd=_account;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="msapplication-task" content="name=Send Money;action-uri=https://www.paypal.com/us/cgi-bin/webscr?cmd=_send-money-transfer&send_method=domestic;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="msapplication-task" content="name=Request Money;action-uri=https://personal.paypal.com/cgi-bin/?cmd=_render-content&content_ID=marketing_us/request_money;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="keywords" content="transfer money, email money transfer, international money transfer " /><meta name="description" content="Transfer money online in seconds with PayPal money transfer. All you need is an email address." /><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1, user-scalable=yes" /><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/css/app.css" /><!--[if lte IE 9]><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/css/ie9.css" /><![endif]--><script src="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/lib/modernizr-2.6.1.js"></script><style id="antiClickjack">body {display: none !important;}</style><script>if (self === top || /\.paypal\.com$/.test(window.parent.location.hostname)) {var antiClickjack = document.getElementById("antiClickjack");antiClickjack.parentNode.removeChild(antiClickjack);} else {top.location = self.location;}</script></head><body class="desktop" data-view-name="twofactor"data-template-path="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/templates/US/en/%s.js"data-csrf-token="fFecnXIKLCva2tVN0KU56JmVwH7o9qJlUQveU=" data-locale="en_US"><noscript><p class="nonjsAlert" role="alert">NOTE: Many features on the PayPal Web site require Javascript and cookies.</p></noscript><!-- id should be first parameter --><div id="main" role="main"><section id="security" data-role="page" data-title="Type in Your Code"><div class="corral"><div id="content" class="contentContainer contentContainerLean"><header><p class="paypal-logo paypal-logo-monogram">PayPal</p></header><div id="notifications" class="notifications"></div><h1 class="headerText">Type in Your Code</h1><p id="hardTokenHeader">To get a new code, press the button on your Security Key (Serial number VSST29264342).</p><form action="/auth/twofactor" method="post" class=""name="2fa"autocomplete="off" novalidate><input type="hidden" id="token" name="_csrf" value="fFecnXIKLCva2tVN0KU56JmVwH7o9qJlUQveU="><div class="textInput " id="security-codediv"><div class="fieldWrapper"><label for="security-code" class="fieldLabel">Security Code</label><input id="security-code"name="security-code"type="number"class="hasHelp validate"value="" autocomplete= "off" placeholder= "Security Code" data-validate= "security-code" /></div><div class="errorMessage"id="security-divErrorMessage"><p class="emptyError hide">Type in your code.</p><p class="invalidError hide">Your code should be 6 numbers.</p></div></div><p class="tryAnotherMsg">Don’t have a key handy? <a id ="tryAnotherOption" href="https://www.paypal.com/auth/stepup?returnUri=signin&state=returnUri%3Dhttp%253A%252F%252Furi.paypal.com%252FWeb%252FWeb%252Fcgi-bin%252Fwebscr%253Fvia%253Dul%26state%3D%253Fcmd%253D_account&country.x=US&locale.x=en_US&nonce=2017-06-21T16%3A50%3A55Z_U1iuPRuxZvW172FE9bkPJlo9GddV6Lc91ABfaJifis&stsReturnUrl=https%3A%2F%2Fwww.paypal.com%2Fsignin&stepupContext=twofactor&flowContext=2fa" class="inlineLink scTrack:authchallenge-tryAnotherOption">Try another way</a></p><div class="actionsSpaced"><input id="btnCodeSubmit" name="btnHardTokenSubmit" type="submit" value="Continue" class="button" /></div></form></div></div><footer class="footer" role="contentinfo"><ul class="footerGroup"><li><a href="/us/cgi-bin/webscr?cmd=_help">Contact Us</a></li><li><a href="/us/webapps/mpp/ua/privacy-full">Privacy</a></li><li><a href="/us/webapps/mpp/ua/legalhub-full">Legal</a></li><li><a href="/us/webapps/mpp/country-worldwide">Worldwide</a></li></ul></footer></section></div><div class="transitioning hide"></div><script data-main="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/config" src="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/lib/require.js"></script><script src="//www.paypalobjects.com/pa/js/pa.js"></script><script>(function(){if(typeof PAYPAL.analytics != "undefined"){PAYPAL.core = PAYPAL.core || {};PAYPAL.core.pta = PAYPAL.analytics.setup({data:'pgrp=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&page=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&qual=hardToken&tmpl=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&pgst=1498064007872&lgin=&vers=&calc=bceb8797c575a&rsta=en_US&pgtf=Nodejs&s=ci&ccpg=&csci=6d12499e32a743a6a7fb6a3f1b74c743&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&pxpguid=&goal=&fltp=&flnm=&erpg=&erfd=&eccd=&cust=&acnt=&aver=&rstr=&pfid=&bztp=&mbtp=', url:'https:\/\/t.paypal.com\/ts'});}}());</script><noscript><img src="https:https://t.paypal.com/ts?nojs=1&pgrp=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&page=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&qual=hardToken&tmpl=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&pgst=1498064007872&lgin=&vers=&calc=bceb8797c575a&rsta=en_US&pgtf=Nodejs&s=ci&ccpg=&csci=6d12499e32a743a6a7fb6a3f1b74c743&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&pxpguid=&goal=&fltp=&flnm=&erpg=&erfd=&eccd=&cust=&acnt=&aver=&rstr=&pfid=&bztp=&mbtp=" alt="" height="1" width="1" border="0"></noscript></body></html>0 -
That's perfect! Thank you, @brenty.
@Fooligan: for FastMail can you do me a favour and inspect the 2FA field and take a screenshot for me? I mainly care about the input field itself but seeing the surrounding content is also helpful. If you could position the screen just right you should be able to fit the inspected input field as well as the login page itself like so:
Thanks!
0 -
Ok, things have gotten much better in 0.7.3 with these two changes:
[IMPROVED] Can now fill 2FA codes on PayPal, GMail, and Amazon Web Services.
[FIXED] Can now display 2FA codes for Amazon and other sites that don't use a full URL for storing the secret.Please verify it works for you and keep the bug reports (along with pics of the 2FA token input field being inspected like above) coming! <3
0 -
Looking forward to improvements there as well. :) :+1:
0 -
Awesome! Thanks for letting me know. At the risk of overpromising, I am working on the "can't submit after filling" issue today. With any luck I'll actually fix it, too! :)
0 -
No worries. I hate being nit picky. But, I know that you and the team strive for perfection. So, I just want to make sure you know about the small things too.
0 -
"Little things" matter a lot. Keep it up! :)
0 -
-
Thanks! I'll take a peek under the hood of MacRumors and see what we can find out.
0 -
@beyer I found another site, live.com (for outlook and Hotmail users). With that site, nothing fills. It's one of those logins that the 1st screen shows to put the user name, the next the password, then the OTP from there. But nothing fills at all.
On my Mac, it auto-fills, but I do have to click on the extension each time for each screen.0 -
:) :+1:
0 -
@prime: I just published 0.7.5 and you managed to make not just one but two appearances in the changelog! :)
You can now fill one time passwords at MacRumors! And Live.com works for the email, password, and one-time passwords as well. The only slight quirk on Live.com is you have to manually add a character and then delete it after filling the OTP before Microsoft will allow the form to be submitted. I know why this is happening and hope to improve it in a future update.
Thanks again for all your help! Keep the feedback coming! <3
0 -
Monday's and Wednesday's are my busiest "life" days, so I mentally need to work on the weekend to make ends meet. :)
Glad it's working for you! I'm going to go fix that quirk with the 2FA code on Live.com right after I catch up on the forums here.
0 -
For some reason, I am not able to fill in any 2F codes with version 0.7.5?
I have tried on the following web sites:
- FastMail
- Amazon
I tried in Google Chrome and Chromium:
Google Chrome Version 59.0.3071.109 (Official Build) (64-bit).
Chromium Version 58.0.3029.110 Built on Ubuntu , running on Ubuntu 16.04 (64-bit)0 -
Hey @Fooligan:
Thanks for letting us know. It looks like I'm experiencing some inconsistent results with the websites you listed as well. I'm going to troubleshoot this further and I'll send you a message if we deem additional information from you would be beneficial.
Cheers :)
--
Andrew Beyer (Ann Arbor, MI)
Lifeline @ AgileBits0 -
Thank you, @Fooligan! I just fixed this on my machine. This issue was a bit weird as I swore I made these exact code fixes already. I must have reverted them by accident when rolling back some other changes.
The change should be included in the 0.7.6 release later this week – maybe even tonight, depending on how busy life is after I pick up my kids from school. :)
Take care and thanks again for the bug report!
0 -
The perils of Git strike again!
Thanks.
0
