OTP Integration
Comments
-
@Fooligan so happy to hear that you like the addition of OTPs!
The actual OTP secret will sync across devices, and if you have multiple iOS devices you should be able to see your OTP show up on them.
If you are referring to non iOS devices... the OTP logic itself is currently iOS only. On non-iOS devices (Mac, Android, Windows) you will simply see the otpauth URL (or secret) and not the actual OTP in the custom field. We do plan to have this added to the other devices as we move forward.
0 -
Hi @Fooligan,
I'm glad you're liking it so far and that's just the the first iteration of our support for it. It's going to get a lot of love over time.
Yes, it should be syncing to all 1Password apps once the app adopts the support for it. It is not useful if you can only use it on one device and not the rest. Right now, it should sync in all of your 1Password 5.2 for iOS apps on multiple iOS devices.
I don't have a timeframe on when you'll see it in the other apps but it will take some time as we're just getting started. Once things look good here, we'll start pushing it elsewhere.
0 -
Wanting to make sure I understand this correctly, does the OTP work like Google Authenticator, taking the place of a two-factor authentication app (like Authy) or does it serve a different function?
0 -
Sounds good, thanks for the quick response. Great work!
Yes, it acts like all the other time based authentication apps (Authy, Google Authenticator, etc). It is super handy.
0 -
@Fooligan sweet. I'm gonna have to play around with it
0 -
Best news all day! Been a happy authy user but more than willing to jump to 1Pass for 2FA.
It's rough around the edges (beta, so of course) but can't wait to see how it shapes up in future updates!
0 -
Hi guys,
Thanks for the awesome feedback. Keep in mind that this is still a beta, don't dump the other apps just yet. :smiley:
Keep testing it, make sure it is working, and report any issues you can find. Even just to tell us that the scanner for the QR code is working, we'd love to hear that as well.
0 -
Set it up with Kickstarter's 2FA this evening to test, no issues with setup or sync of the code from iPhone 5S to iPad Mini 2.
0 -
Super glad to hear that. Thanks,, again.
0 -
I just tried it with Google and it works really well!
I don't know much about this type of authentication. Is it more secure than receiving codes by text message or other notification?
0 -
Hi Guys,
I've been using Authy for some time, and I haven't been too happy with the bluetooth pariring/connection between their iPhone and Mac Apps.
As you said you are planning to add this to other devices as well - would this require a bluetooth connection like Authy?
Either way, I'll still be more happy to use 1Password for both Passwords and OTPs;)0 -
Hi @spitf1r3,
No, it'd sync the same way as you already do now with 1Password. It's just an extra special secure field type for your items to customize with.
I don't know much about this type of authentication. Is it more secure than receiving codes by text message or other notification?
We'll probably write up a blog post on this to explain how it really works. It is slightly secure in a way that it is encrypted within 1Password and you have to unlock 1Password to get the code as opposed to seeing the code in SMS text in plain view.
0 -
Hi @Penelope Pitstop,
You might find this article from Goldberg useful: http://www.quora.com/How-did-two-factor-authentication-become-so-popular/answer/Jeffrey-Goldberg
0 -
Thanks for the article Mike.
We'll probably write up a blog post on this to explain how it really works.
I think that would be an excellent idea.
Until I saw TOTP in the release notes for 1Password beta, I had always used SMS messages because I wasn't too happy with Google Authenticator being open when the phone is unlocked. I can understand why SMS messages can be a trust issue for some and impractical when you don't have cellular coverage. Setup is marginally swifter with the QR code too.
Are you planning to support autofill/submit for the TOTP? If there were some way to get the Mac to autofill them too then that would be just awesome.
0 -
I can understand why SMS messages can be a trust issue for some and impractical when you don't have cellular coverage.
I think this recently became a potential security flaw with the introduction of SMS in iMessage. While the probabilities are very low that this will actually be an issue for the majority of internet users, securing my TOTP in 1Password is very attractive. It is also comforting to know that my loved ones just need access to my 1Password file in case something happens to me and they won't be locked out of my accounts.
0 -
I was able to successfully scan all QR codes for my OTP sites, and the numbers 1P is generating all match my other authenticator app. Great work!
0 -
Hi guys,
Are you planning to support autofill/submit for the TOTP? If there were some way to get the Mac to autofill them too then that would be just awesome.
No idea at the moment, we're just getting started with TOTP. We're definitely interested in doing that but as to how we can make it happen, that's a different story. If you've been with us long enough, you'll notice we improve our feature set via continuous iterations, it just gets better over time.
I think this recently became a potential security flaw with the introduction of SMS in iMessage.
I think you meant SMS forwarding as SMS has been in iMessage for a while.
With SMS forwarding, it means it'd show up on your Macs, iOS devices, and also the upcoming Apple Watch, so plenty of exposed areas for folks to find it.
I was able to successfully scan all QR codes for my OTP sites, and the numbers 1P is generating all match my other authenticator app. Great work!
:D Excellent, thank you.
0 -
I was able to successfully scan all QR codes for my OTP sites too, and the numbers 1P is generating all match the Authy app codes too. Will keep Authy until the 5.2 release becomes public then I will use 1P exclusively. Keep up the Great work!
0 -
I've now setup 2FA with Dropbox and Zoho and in both cases the QR code scanning worked without issue. I've used 1P to log into both services at least 3 times since adding 2FA codes to 1P and I have been able to log in successfully on the first try every time.
One request (or possibly I just can't figure out how to do it) is to be able to move the 2FA section. I'd like to move it to the top of the entry. I haven't tried it on the Mac yet, but this is for iOS after all.
Edit: I just remembered, I can move the code field, just not the section. I can even move the field to another section. Also, I believe 1P crashed once while trying to move the field. I'll report back if I can get it to do it again.
0 -
Thanks for the feedback @iWilliamsJ and @fatherfork! If you do experience any crashes please be sure to submit them when asked by 1Password.
0 -
First off, after getting back from a trip and getting back into the groove of messing about, I just saw the inclusion of OTP in 1P. WOO!
I do have a question for you fine folks. What would be the best way to use 1P and Authy while beta testing OTP in 1P? The URL string is new to me since I set up Authy using QR codes. Can both be used simultaneously? I couldn't see a way to have multiple apps generating codes via Google's admin panel.
0 -
I did it by scanning the same QR code with two apps before supplying a code to the website.
0 -
Set it up the minute it became available, a really great feature Scanned the QR code, and it simply worked!
Over the past week there's been no issues at all and it's worked flawlessly. The only thing that got me is the 'otpath', first time I thought that field was for entering the secret into whereas it is actually for the string generated by 1Password. Great feature though, thanks for adding it!
0 -
Hi guys,
Based on the feedback we're getting here, it seems like we should focus on QR mainly and conceal the path field for those who wants to enter secret manually. Do you guys agree?
I do have a question for you fine folks. What would be the best way to use 1P and Authy while beta testing OTP in 1P? The URL string is new to me since I set up Authy using QR codes. Can both be used simultaneously? I couldn't see a way to have multiple apps generating codes via Google's admin panel.
You can reuse the same QR code in multiple authenticator apps, just scan the code with both apps as @Penelope Pitstop suggested before supplying the code backward to finish the process.
The only thing that got me is the 'otpath', first time I thought that field was for entering the secret into whereas it is actually for the string generated by 1Password.
It can take both, the secret and the optauth:// which includes the secret as well.
0 -
Thanks for the info @MikeT and @Penelope Pitstop
Works a treat now! I can't wait for the OS X app to get this functionality.
0 -
Awesome, glad to hear it is working now.
We can't wait to get started on implementing it in other apps in the near future, either. :smiley:
0 -
Seriously... Like, totally the best news I've had all week long. This is an AWESOME addition to 1Password.
And then once its officially added to the OS X version, it will truly be an amazing MONTH!!!
0 -
Hi guys,
We made some awesome changes in beta 10, it now includes a simple one-step action to create a new section and add a new TOTP field right away. We also changed the placeholder to simply say secret instead of the weird optauth:// path one.
jpartain89:
Seriously... Like, totally the best news I've had all week long. This is an AWESOME addition to 1Password.
Glad we made your week. :smiley:
0
