Export OTPs grom Mobile authenticators to 1P?

vapre
vapre
Community Member

A question, which I imagine has been asked before. I come to 1Password having dozens of 2FAs saved on an authenticator app on my phone: you all know how tedious it is to go through the whole process again to recreate new ones. Is it therefore possible to simply export the secret key and import it into 1p?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • ag_timothy
    edited October 2022

    Hi @vapre, thanks for your question!

    To my knowledge this is not currently possible with any authenticator apps do in part to how the keys are typically transferred. If you have used another password manager that, similar to 1Password, doubles as an Authenticator, 2FA codes should be included when you import depending on what information was exported from the given password manager.

    I think this is a great idea though and I'd like to share your feature request with the team. Could I ask which authenticator app you were using to ensure what I file is accurate?

    Thanks again!

    ref: IDEA-I-1416

  • vapre
    vapre
    Community Member

    Thank you @ag_timothy. My auth app of choice is Aegis, that is open source and packed with nice features (secret key, hash function, backups etc.).

  • Thanks for following up with me @vapre. While I can't make any promises about the development of 1Password, I've shared the request with the team.

    I did a little poking around with Aegis and found that you can export the vault as an unencrypted JSON or text file. I'll note that unencrypted files are stored in plaintext. Anyone with access to your exported data files will be able to read the contained information and potentially access your 2FA codes.

    While it's certainly not a clean import process, secrets (highlighted in my example below) can be copied from the exported files to one-time password fields in related 1Password items. From my limited testing, the 2FA codes synced up once the item was saved in 1Password.
    image

    I'll note again that unencrypted files from Aegis can be accessed by anyone. If this is something you've tried yourself do not email exported data files or store them online. Delete them when you are done with them.

    Let me know if there's anything else I can help with!

  • vapre
    vapre
    Community Member

    Dear @ag_timothy, thanks a lot for digging into. Regarding the Aegis issue, I know it's not widely used but I looked at their github and it seemed like a fair product: regarding keys in plain, in the app options, under "security" it gives you the option to encrypt the database. Have you looked into that? However, I don't know if it is sufficient. If you think it might be a risk I will change as soon as possible.

    It's about "sharing" with 1Password 8, so if I copy that string you highlighted as "one-time password" I could manage it from 1P?

  • ag_timothy
    edited October 2022

    Hi @vapre, thanks for your reply and apologies for my lack of clarity.

    What I was proposing was a workaround to moving your OTPs into 1Password from Aegis not a comment on their security. Many apps (including 1Password) offer some unencrypted export options which can be very useful, but requires an additional degree of caution when used. Again, my apologies for the lack of clarity there. I cannot offer an assessment of the security of another app, but from everything I've seen Aegis does seem reputable.

    so if I copy that string you highlighted as "one-time password" I could manage it from 1P?

    Yep! So this secret would also be visible if you edit your OTP in Aegis and look under "Advanced". You could copy from Aegis to 1Password for Android rather than exporting them.

    Below you can see I've copied the secret from the JSON into the one-time password field of my test item. After saving the item I get the TOTP that matches what I see in the test item in my authenticator.

    imageimage

    Needless to say, the method you originally proposed would be much smoother. As that option isn't available at the moment, I wanted to suggest some workarounds. If you have any questions or there's anything I can clarify, please let me know!

  • vapre
    vapre
    Community Member

    Now it is perfectly clear, I have new insights and also succeeded in my original intent! Thank you.

  • Very happy to help @vapre! Let us know if you have any other questions or there's anything we can help with.

This discussion has been closed.