Accounts where TOTP code should be appended (or prepended) to the password
This may be a bit of a corner case request, but here goes...
There are some websites (looking at Etrade.com!) where the 2FA TOTP code needs to be silently appended to the password in the same field. There is no visual indication to remind you that a 2FA code is required, and if you forget it just tells you you entered the password wrong[1].
Another example is the login page to opnsense (and maybe pfsense?) router/firewall software. You can enable 2FA on your router, but then have to remember to concatenate the TOTP code just like on etrade.
It would be nice if I could edit or otherwise flag that login item so 1Password knows to automatically concatenate the password and the 2FA code for me so I don't forget.
[1] Admittedly, there's a "use security code" checkbox that reveals a 2FA field, but if you've remembered to check that box, you've remembered you need a 2FA code, so that's not really the issue
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hey @zcutlip:
While it isn't currently possible for 1Password to do this automatically in a single fill, it's definitely something we've heard feedback about before. We have an internal issue tracking this request, and while I can't promise anything specifically, I'll add your voice internally!
Jack
ref: IDEA-I-702
0 -
I also created such a request in December 2021:
https://1password.community/discussion/117820/paste-totp-code-directly-behind-my-passwordAnd there was another request in August 2019:
https://1password.community/discussion/106003/special-2fa-on-mailbox-orgYes, this is a special case, but it would be great if 1Password could add such a feature. π
0 -
Yep, an edge case for sure, but glad I'm not alone. Thanks for considering!
0 -
No trouble, we're happy to help.
0 -
Adding my support to this as well. I dont think this is a "special case" feature at all. I have several sites that I use daily where I find the lack of 1Password field concatenation really annoying (USAA and my OPNsense router admin page are two that immediately come to mind). Its not 1PW's fault of course, as this is a really silly hack method to not have the OTP code as a secondary input field on these login pages, but the reality is, there are sites that insist on doing it this way, and it's a real pain to not be able to auto-fill credentials this way via 1PW.
I saw a 1PW team member mention (in one of the numerous previous--and now closed--threads about this feature request) that implementing this feature poses a UX challenge, which I can understand. But it seems to me that it doesnt have to be any more complicated than having a special "dynamic password" (or something better named than that!) field type where you can construct fill-in data based on existing fields in the same vault item, using a "tag" based UI.
For example, here's how a theoretical "dynamic password" field could work, where I can build a single "dynamic" fill-in field by using concatenated "tags" that represent the names of existing fields in the vault item. This way, you could (at best) map the "password" form field entry to the "dynamic password" field for seamless auto-fills, or (at worst) manually copy and paste the contents of dynamic password field into the form. This way at the very least, you wouldnt have to manually copy and paste data from multiple fields every single time you want to login. You'd just have to copy a single field!
2 -
The sketch by @melorama above looks very usable to me... nice job. As a 1password gui user, I would have no problem with that if the need arose. I wish it was in the app :)
I'm not so sure this is a corner case. For example, to enable TOTP on some of the most commonly used firewall web GUIs (eg: OPNSense), you concatenate the TOTP and the password for any authentication attempt. If I want to authenticate with the OpenVPN VPN on one of our firewalls, it also takes this structure. Identity platforms like FreeIPA do the same thing. I think you see it even more as an admin user, though some consumer / regular-human sites are doing it too.
I basically evangelize 1password, btw. Getting people to adopt good security hygiene is really really hard if they don't have a way to manage longer, more complex authentication processes. I'm probably preaching to the choir here :) Anyway, I can tell you that the two companies in our corporate group are using concatenated [TOTP][Password] to authenticate on the firewall gui and VPN at least. An MSP we work with has the same setup internally because we set it up for them. Some of their client sites either have or will-have the same. And a corporate client of ours with ~5,000 employees may have the same thing for some users (admins and managers mostly) in the future.
So... I also think this would be a good feature. It's not impossible to log into the concatenated-password things without it (especially if you're technical enough to script something yourself), but it would be convenient if there was a way to handle it. Hope you all will consider it, and thanks for making a great product. :)
0 -
Adding my vote for this feature. I have the exact same problem with USAA.
0 -
Hi @alwzbkraken @viswiz @nufsty! I can definitely understand why this feature would be great to have. I've passed along all your feedback to our developers. Hopefully this will be considered in a future release.
PB: 31413791
0 -
Adding my voice to this. I need to switch between multiple VPNs (OpenVPN) throughout the day and each time requires this password+otp back and forth dance. I've been tracking this issue for a number of years but I must say @melorama mockup above looks like a usable solution and I imagine (as a fellow developer) "fairly" straightforward to build. Obviously this has to be weighed against other priorities but if you're looking for a nice user facing feature that will have a big quality of life improvement for a number of your customers then I'll vote for this!
0 -
@neilwalsh @251empira thanks for the feedback, I've shared your comments here with our developers.
0 -
+1 for my vote. My Cisco Anyconnect app requires me to enter the password concatenated with a comma followed by the 6 digit OTP so it would have the pattern "${PASSSWORD},${OTP}". I tried searching for a way to do this and I see people have been asking about it for years.
0 -
@JulesNet thanks for letting me know! I've let our product team know about how this feature would help you with your CiscoAnyconnect app. Although I can't guarantee if or when this change will be implemented, you can visit our releases page to keep up with all of our latest fixes and features: 1Password Releases
0 -
Until the 1PW devs add this functionality, here's a hacky way to do it using the 1Password CLI.
1 -
Thank you for sharing @melorama.
0 -
Hey @btr,
Thank you for your input, I have passed your request on to our product team.
ref: PB34004356
0 -
This mostly helpful only if you're on macOS, but I created a Keyboard Maestro macro that auto-concatenates the TOTP code with the password, for one-click generation of a valid OPNsense login password.
1 -
I improved on the Keyboard Maestro macro so that it auto-fills the concatenated OTP+password and clicks on the Submit button all in one fell swoop!
0 -
Appreciate your efforts sharing and explaining your workaround @melorama! I've added these to our existing feature requests so the team has some additional context π
ref: PB-36212574
0 -
I still would be happy if this feature would be implemented. π
0 -
me too, for USAA in particular.
0 -
Adding my voice for another vote for this feature. I really like the "dynamic password" field that @melorama mocked up.
I would like to add a request to maintain the OTP/Password/PIN as SEPARATE fields in the 1Password item as there are implementations for example in a domain authentication on different systems within the domain that use the same OTP/password, but not all authentications require the combination in one authentication action. I mention this as I was afraid it would become it's own item "type" in the app which will not work in all cases of authentication with the same credentials.
0 -
+1 here as well - my employer's "SSO" uses a single "password" field everywhere and requires us to do a weird copy-and-paste dance 10 times a day. It's infuriating, and I'd like 1Password to take that toil away.
0 -
I appreciate your thoughts on this and I can see how having this option would be beneficial. I've gone ahead and shared your feedback with our Product team.
-Tim
ref: PB-39289456
0
https://youtu.be/3uF7ZcEXCBY
