How do I fill in a one-time password in the Android 1Password app?

oldmankit
oldmankit
Community Member

I tried to login to a site this morning using the browser in the Android 1Password app. I selected the entry I wanted and clicked on its url. I am taken to a browser window and can successfully enter the username and password. Then I get to another page which asks for my 2 factor authenticion. How do I enter it? When I tap on the key icon in the bottom right of the screen, it auto-fills my username instead of the OTP.

The only way I can get to my OPT is by pressing the 'back' button, which takes me out of the browser with no way back in, except to go to the login page, and then I'm back to square one.

The only way I can see around this is to use a third-party browser. That would be a bit lame since I would trust the 1Password browser more.

This is possible in the iOS app because there is a dedicated button to switch to the browser. You can find an entry, copy any contents, click on the browser button and it will take you back to the last page visited. You can even open multiple tabs. Is this functionality missing from Android?


1Password Version: 6.7.2
Extension Version: Not Provided
OS Version: 8.0.0
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @oldmankit: Correct. Essentially 1Password's built in browser has only very limited functionality. The browser ecosystem on Android is much more vibrant than on iOS, and there are a number of powerful, trustworthy, privacy-focused browsers like Firefox, Brave, and others that are escaping me at the moment. So we definitely recommend using 1Password to fill in the browsers themselves, and then you can also copy and paste your TOTP code from the 1Password app. You can probably even use 1Password's new autofill and accessibility filling since you're on Android 8, and hopefully we'll be able to expand that to support TOTP codes as well in the future. Thanks for letting us know that's something that could help you as well! :)

  • oldmankit
    oldmankit
    Community Member

    Thanks Brenty. Well at least the saving grace with modern Android versions is that you can do split screens between apps rather nicely. By the way I have set-up the accessibility filling, and I found the 1Password documentation a bit misleading. It fails to mention that setting up accessibility will reset the phone's encryption password to default, which essentially means the phone becomes unencrypted after doing this. (This is using Android Oreo.) All you need to do is go back and set a new encryption password, but I think the 1Password documentation should make absolutely clear what is going on here. Sorry to divert to a different subject, I guess it was still on my mind…

  • @oldmankit I wanted to jump in here to help explain the discrepancy between the documentation and what you're seeing on your device. To do so though, I should probably provide a bit of background information...

    Prior to the introduction of Direct Boot in Android 7.0, devices were encrypted with full-disk encryption if they were encrypted at all. This meant that a single secret was used to secure the contents of the disk (both system and user storage). If you set the system to require your password on boot, then your password became the secret that secured the contents of the disk. Otherwise, a device secret was used instead.

    On devices running with this kind of full-disk encryption, enabling an accessibility service switches the device from securing the disk with a user secret to securing it with a device secret. Switching to using a device secret to secure the disk allows the accessibility service to loaded before the user has entered their password on device boot. I won't presume to speak for the engineers that made this decision, but my guess is the thinking was that a person needing the use of an accessibility service will also need that service to enter their password.

    Direct Boot was added in Android 7.0 as a more flexible alternative to the full-disk encryption that was used in earlier OS releases. Rather than protecting the entire disk with the same secret, Direct Boot separates the storage into a part that is secured with a device secret and a part that is secured with a user secret. Services that need to run at device boot can be written to and read from the part that is secured with the device secret. Everything else is stored in the part that is secured with the user secret.

    On devices that support Direct Boot, there is no need to make any changes to how the device is secured when enabling an accessibility service. This is because the accessibility service can be loaded from the part of the disk that is secured with the device secret before the user has entered their password.

    When we wrote the documentation for the 1Password accessibility service, we had assumed that all manufacturers would be implementing Direct Boot for their devices running Android 7+. From what you've indicated above, this assumption doesn't hold to be true as it would appear that your device doesn't support Direct Boot. Thank you for pointing this out so that we can make the correction in our documentation!

  • oldmankit
    oldmankit
    Community Member

    Hi @mverde, and thanks a lot for that really detailed explanation. I get it now.

    The phone I am using is a Xiaomi Mi A1, which uses the "Android One" version of Android. When I turned on accessibility for 1Password, I received a security warning, though I can't remember the exact details of that. If it helps, I can disabled it and re-enable it in order to find the exact message I got. I was unsure and did a bunch of research which led me to the conclusions that I made earlier, which were possibly erroneous conclusions.

    The reason I thought that encryption had returned to default password was because after doing this, the device booted up fully and only asked for a password to 'unlock', not to boot. But I see that this doesn't necessarily mean that the phone was no-longer encrypted safely.

    I think since I spent a bit of time having to research it despite carefully reading the 1Password documentation, yes there is probably a bit more that could be done to explain what's happening. I was brand new to Android and was quite confused by the process, and obviously didn't want to do anything to reduce the security of my phone's encryption.

    Thanks again for explaining how it works.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Hi @mverde, and thanks a lot for that really detailed explanation. I get it now.

    @oldmankit: Me too! He said it much better than I ever could. :)

    The phone I am using is a Xiaomi Mi A1, which uses the "Android One" version of Android.

    Ah, that explains it. I was wondering why I'd never seen anything like that.

    When I turned on accessibility for 1Password, I received a security warning, though I can't remember the exact details of that. If it helps, I can disabled it and re-enable it in order to find the exact message I got. I was unsure and did a bunch of research which led me to the conclusions that I made earlier, which were possibly erroneous conclusions.

    I'd actually really love to know the exact message, and posting it here may help others find this discussion if they run into a similar issue as well.

    The reason I thought that encryption had returned to default password was because after doing this, the device booted up fully and only asked for a password to 'unlock', not to boot. But I see that this doesn't necessarily mean that the phone was no-longer encrypted safely.

    Yeah it's definitely confusing. It's one of those things where there's some baggage left over from before, so down the road when everyone is on Direct Boot it will be simpler...until they introduce something else new, that is. ;)

    I think since I spent a bit of time having to research it despite carefully reading the 1Password documentation, yes there is probably a bit more that could be done to explain what's happening. I was brand new to Android and was quite confused by the process, and obviously didn't want to do anything to reduce the security of my phone's encryption.

    Absolutely! Not sure how we can condense this information into something that will fit well in the documentation, but Verde's already done some of the work there. :)

    Thanks again for explaining how it works.

    On behalf of Verde, you're most welcome. And thanks to you for bringing this to our attention! I'm sure you're not the only one who will encounter this. Cheers! :)

  • oldmankit
    oldmankit
    Community Member

    Here is the message I get from Android when turning accessibility on:

    Use 1Password?
    If you turn on 1Password, your device won't use your screen lock to enhance data encryption.

    When I press OK, I get another warning:

    Because turning on 1Password affects data encryption, you need to confirm your password.

    I then enter my device password.

    After that point, I no-longer need to type a password to boot the phone; it will boot up to the lock screen without prompting for a password.

    The way to return to the original behaviour (requiring password for boot) is to change Android settings as follows:

    Settings > Security & location > Screen lock

    I type my password then on the "Choose screen lock" page I select "password". It then asks whether I want to "further protect this device by requiring your password before it starts up". Select 'yes', then 'ok', so see the following warning:

    Require password?
    When you enter your password to start this device, accessibility services like 1Password won't yet be available.

    Press "OK", and then set a password for unlocking the device at boot.

    I test that it's working by restarting the device, and after the "androidone" logo I get the following prompt: "To start Android, enter your password". So yes, it's working as before.

    Now I get the best of two worlds: 1password filling via accessibility, and password required before boot.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks so much for sharing those details! I'm glad that it's not only working for you, but that others can benefit as well. I think what's happening is that this could mess up some accessibility services which would need to be available on boot, but since 1Password doesn't work that way it ends up being a non issue in this case. We're looking into ways we can account for this in the documentation. :)

This discussion has been closed.