TOTP on Twitter
Hello,
I have recently signed up for families, and I am really happy with it so far. I have a question about one-time passwords. I have successfully set up TOTP on several sites (gmail, Facebook, etc.) and have successfully used the QR code scanner in 1PW to set up the TOTP. I have been trying to do the same with Twitter unsuccessfully. I do the following:
-Go into twitter and request one-time password setup
-Twitter displays QR code (it also shows a secret key of some kind below the QR code, which I am guessing is whatever is encoded in the QR code, but who knows)
-I go into 1PW and into my Twitter login and edit it to read a TOTP QR code, and 1PW gives me the scanner box
-I move the scanner box over the QR code on Twitter and it won't read it.
The only thing different I can see between this case and the other ones I have successfully set up is that Twitter brings up a floating pane in front of the Twitter webpage, and the QR code is on this floating pane... But it is perfectly visible.
Anyway, I can't get it to work. Am I doing something wrong? Or is there another way to use that secret key twitter displays to enter the TOTP manually? I am using 1PW Mac 6.7.1 (at least where this problem is occurring)
Thanks
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@Gebo: Hmm. Last I heard it was only possible to use TOTP with Twitter in conjunction with SMS. But maybe I'm missing something.
It could be that the QR code they're giving is invalid, or 1Password is being prevented from reading it for some reason. On occasion we've encountered apps that caused this. It sounds like you are you able to read QR codes from other sites with 1Password. Is that correct?
It isn't always offered, but usually there's an option to get the TOTP secret as a text string instead of a QR code. What options are you given? It also might be worth restarting your Mac and trying with another browser, in case there's a glitch there. Which on are you using?
0 -
As far as I can tell, twitter lets you use TOTP with SMS or alternatively with a mobile app (like the google code generator)
When I click on Settings and Privacy menu, it gives me an option button to "Setup a Code Generator App", below this is a description "Use an authenticator app to generate a time-based passcode that can be used to access your account."
When I click this button, I get a new pane hovering over the twitter page that has a QR code on it, and on this same pane, right below the QR code, it says "Secret Key:" followed by a string of letters and numbers.
I am using Safari 10.1.1 on a MacBook Pro with touchbar 13 inch, and 1PW 6.7.1
I have successfully used this same Safari to do other QR codes (Facebook, gmail). I have tried twitter more than once with restarts in between.
Since it is giving me the text secret key, can I use that? I have tried pasting it into the field but it doesn't seem to do anything
0 -
I have Twitter set up with OTP with SMS back up. I actually just set it up 2 weeks ago, took a while also. For some reason it wasn't easy.
0 -
@prime: Thanks, that was my understanding as well. I hope they rethink this.
As far as I can tell, twitter lets you use TOTP with SMS or alternatively with a mobile app (like the google code generator)
@Gebo: Yeah, that's why I haven't done anything with it. SMS is insecure, and I'd also rather not pay international rates just to have TOTP. :lol:
When I click on Settings and Privacy menu, it gives me an option button to "Setup a Code Generator App", below this is a description "Use an authenticator app to generate a time-based passcode that can be used to access your account."
When I click this button, I get a new pane hovering over the twitter page that has a QR code on it, and on this same pane, right below the QR code, it says "Secret Key:" followed by a string of letters and numbers.This! Copy the "Secret Key" to your clipboard and paste it into a new custom field set to "one-time password" type in your Twitter login item instead of using the QR code.
I am using Safari 10.1.1 on a MacBook Pro with touchbar 13 inch, and 1PW 6.7.1
I have successfully used this same Safari to do other QR codes (Facebook, gmail). I have tried twitter more than once with restarts in between.Since it is giving me the text secret key, can I use that? I have tried pasting it into the field but it doesn't seem to do anything
It won't do anything fancy. Just save it and it should generate and show TOTP codes right in your login item. :)
0 -
Ok thanks I'll give that a try
0 -
That seems to work. One thing that was a little odd was, in the 1PW app, when I click "one-time password" in the little menu on the right hand side of 1PW to create a one-time password section - it doesn't give me anywhere to paste the key. What I did instead was define the section as "text" first, then paste in the key, then after that I changed the menu designator to "one-time password" and it worked. Works fine, just took me a few minutes to figure out how to do it.
On the twitter side, quite annoying - it appears you can't tell it not to send you texts even if you set up the time based OTP, so I get texts even though I can successfully use the TOTP to log in... That's their problem of course
0 -
That seems to work. One thing that was a little odd was, in the 1PW app, when I click "one-time password" in the little menu on the right hand side of 1PW to create a one-time password section - it doesn't give me anywhere to paste the key. What I did instead was define the section as "text" first, then paste in the key, then after that I changed the menu designator to "one-time password" and it worked. Works fine, just took me a few minutes to figure out how to do it.
@Gebo: I'm not sure what you mean. Custom fields are always simple text fields. No matter what you set the "type" to, you can paste into it. Glad you got it setup! :)
On the twitter side, quite annoying - it appears you can't tell it not to send you texts even if you set up the time based OTP, so I get texts even though I can successfully use the TOTP to log in... That's their problem of course
Yeah, not a fan. Hopefully they improve this in the future. Cheers! ;)
0 -
Sorry, I should have been more clear on the first comment - if I start with a generic custom field, it has a box to receive text like you said. If I then go to the right side, click the little ball with three dots in it and select one-time password, and I do this before I paste anything in there, it gives me the little square QR icon to click, but it also takes the text field away for that custom field (presumably because it is awaiting the QR code scan instead). So if I set it back to text, then I paste in the secret key text, then after that I change it to a one-time password field, it works. I was just saying that if I set it as a onetime password field before I paste anything in there, it seems to take away the text field
0 -
To clarify - it obviously works fine - it was just a little confusing because I set it to onetime password first, then looked to paste it second, when I should have done the reverse
0 -
It was goofy how Twitter has it. I had to be logged on Twitter from a computer and not a mobile device. You think they would make it easier.
0 -
Thanks for the update! :) Glad to hear you were able to get this working.
Enjoy the rest of the weekend!
Ben
0 -
To clarify - it obviously works fine - it was just a little confusing because I set it to onetime password first, then looked to paste it second, when I should have done the reverse
@Gebo: It works either way here. Are you saying you're not able to paste into the field when you choose "one-time password" type?
0
