Feature Request: OTP 2FA MFA copy / fill keyboard shortcut (Two-Factor Authentication)

HenryY
edited September 2015 in Mac

Right now, CMD-\ works great to fill in the main username and password.

However, after getting to the secondary login page for many sites, I still have to manually arrow through 1Password mini in order to copy and paste the OTP password in.

It would be great if I could do this in 1 keystroke.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


Comments

  • brenty

    Team Member

    @HenryY: Yes! This is easier said than done, since TOTP fields are not as widely standardized (or as common) as password fields, but I do hope we can streamline this in the future — especially if TOTP becomes more commonplace itself. Thanks for letting us know you'd appreciate this feature! :)

  • The new one-time password feature is very helpful. However, I've not been able to get it to auto-fill on web pages. What I have to do is copy the value and paste it. In particular, I've tried to set this up on AWS for both a root account and IAM account. Is there a feature to connect an OTP to a web form field?


    1Password Version: 5.3
    Extension Version: Safari 4.4.3
    OS Version: OSX 10.10.5
    Sync Type: Not Provided

  • brenty

    Team Member

    @davidtx: Sorry for the confusion! The 1Password extension is not able to fill TOTP codes, but we'd like to add that feature in the future. However, even in this age of great web standards, there are many sites where 1Password has trouble filling the username and password even, because they are not using recognizable IDs...and as you can imagine, there is even less consensus when it comes to TOTP, given that it has yet to reach wide adoption.

    So while we'd definitely like to streamline things with TOTP going forward, with the limited support and lack of consensus we're not there yet I'm afraid. But I'm glad that you're enjoying using TOTP in 1Password! Thanks for letting us know that you'd like this feature as well! :)

    ref: OPX-758

  • Hey @brenty, thanks for the response. I understand that supporting the many different form field IDs out there for MFA would be difficult. However, 1Password already supports the ability to modify form details. 1Password already supports setting a checkbox to true or false. Using that existing feature, when I open the AWS IAM login console, 1Password checks the "I have an MFA Token" checkbox.

    If 1Password allowed users to select to use their MFA code in a field, then this feature would be available to at least users that know how to edit the form details.

    As it is, my Login in 1Password does include the "mfacode" field that is in AWS' form. It is just blank, and there is no way to say "use my MFA code."

    To clarify, with an IAM login, the MFA code is entered on the same form as the username and password. When signing in with a root account, it is on a different page altogether.

  • brenty

    Team Member

    > As it is, my Login in 1Password does include the "mfacode" field that is in AWS' form. It is just blank, and there is no way to say "use my MFA code."

    @davidtx: Indeed! But keep in mind that TOTP support was a recent addition. There simply isn't any logic in 1Password currently to support what you're suggesting, but I do hope we can add this in the future!

    > To clarify, with an IAM login, the MFA code is entered on the same form as the username and password. When signing in with a root account, it is on a different page altogether.

    Yes! There's a lot of variation from site to site. For instance, sometimes this is a separate form in a frame or popup window.

    > If 1Password allowed users to select to use their MFA code in a field, then this feature would be available to at least users that know how to edit the form details.

    In the end, if and when we add support for TOTP filling, we'll also make it more streamlined than requiring people to manually edit form data to get it to work. ;)

  • +1 for this feature.

    i love that i can command+shift+c to copy a password from 1p mini.

    would love a similar shortcut for copying 2FA tokens.

  • Hi @alextran,

    I've added your support for this to our existing request and like yourselves I would love to see this even though I don't have many TOTP enabled sites myself. The tricky part is making sure it all works reliably. Take Google. It used to be you filled your username and password on one page then your TOTP code on the next. Now it's three fills, username first, then password and finally TOTP. I'm sure there is a way to make it neat though given a bit of thought.

    ref: OPX-758

  • Runar Junior Member

    I like @alextran’s suggestion of a shortcut for copying the TOTP code. This should be quite easy (I assume) since it wouldn’t need to know what the form looks like, all it would do is copy the code, just as the shortcut for copying the password does.

    It would help a lot while we wait for real TOTP «support»!

  • Hi, just wanted to +1 the above suggestion. Also, I would wager that at least at the moment, many people that want to use TOTP are also comfortable editing the 1Password web form section. I know I would love to be able to add a TOTP field to the webform. I can already select between text, password, etc. :) This would be really cool.

    Thanks for the great app!

  • Also kudos for having the TOTP feature in 1Password! It's great to not have to use a different app.

  • Hi @Runar,

    I've made a note of your request as well as adding your vote to see this happen.

    ref: PX-758

  • sorry i'm jumping into this late.

    i'm with @Runar.

    i'd actually be content with a keyboard shortcut to copy the TOTP password. that'd be where my +1 would go.

    my concern wasn't really that it auto-fills with command+\, just a quicker way to access the code.

    didn't know if creating a new thread for that was appropriate so jumped on this one. sorry if that made things confusing!

  • Hi @Alex_R,

    Thank you for your kind words. The more I think about filling of the TOTP code the more I suspect we will need to make a couple of adjustments to make it work nicely as the code is always (in my experience) on a different page. I think you're correct though, I think we need to flag a field as being the TOTP field and that will allow 1Password to do things nicely. Of course that's just my thoughts, we'll see what the devs can do :smile:

    ref: OPX-758

  • Drew_AG 1Password Alumni

    Hi @alextran,

    No problem at all, I think this is definitely the right place to let us know! :) I'll add your feedback to our internal tracker. We appreciate it!

    ref: OPX-758

  • Vee_AG 1Password Alumni
    edited September 2015

    I've added your vote, @Ryan Parman. Thanks!

  • Vee_AG 1Password Alumni
    edited September 2015

    Thanks @Ryan Parman! Your vote was counted from the other thread on this same issue. Is there any particular feedback or note you'd like to add?

  • brenty

    Team Member

    It seemed a little odd to have multiple threads for this, so I've merged all the MFA/2FA/OTP filling feature requests into a single discussion. :pirate:

  • It's true that many TOTPs are in a different page. Perhaps placing the OTP automatically on the clipboard in that case? @alextran's solution also seems useful.

    AWS does keep it all on the same page though, which was my particular use case. You tend to have more than one account and use TOTPs in all of them. Whatever the solution, using 1Password is still better than reaching for my phone, opening the app, and manually copying in the number. ;)

  • Drew_AG 1Password Alumni

    Thanks again @Alex_R, we appreciate the feedback and hopefully we'll be able to make the process easier in the future.

    > Whatever the solution, using 1Password is still better than reaching for my phone, opening the app, and manually copying in the number.

    Thanks, we all think so, too! ;)

  • +1

    Would love to see auto-filling for MFA! I'm often logging into one of 4 different AWS accounts for various purposes, and the flow is just a little clunky :)

  • Count me in for both a keyboard shortcut for pasting the 2FA code AND for allowing me to designate which field the code should go in. Combined with multiple URLs per 1Password login, that should cover most of us who used 2FA. At this point, I'd even pay an extra $1 for this functionality. (tho, as I'm sure you'll agree, it should be part of the product.. I'm just trying to incentivize you. :))

  • Drew_AG 1Password Alumni

    @hairyhenderson and @mikefoley, thanks for letting us know! :) I'll add your votes/comments to our internal tracker.

    ref: OPX-758

  • Consider me another +1 for allowing the input field name to be specified/honored for the one-time password field. I was going to switch to using 1Password for my TOTP protected WordPress sites, but there's not a lot of advantage if the Mac app doesn't fill it in. I had assumed I could "tweak" the form filling behavior like I can with other fields. Hope this can be implemented sometime. Thank you!

  • jgerry Junior Member
    edited September 2015

    +1

    I'm surprised so many people mention the AWS specific case, that's my primary use case as well. I think @davidtx has it right though -- if we "power users" could just select the OTP while editing the form details, that would be a great first step. It doesn't have to be fully automated with command-\ but it's pretty clunky as it stands now. Still, I can get rid of Google Authenticator, thanks for that!

    EDIT: looks like AWS is moving to a multi-page login soon.

  • brenty

    Team Member

    > EDIT: looks like AWS is moving to a multi-page login soon.

    @jgerry: Ah crap. Thanks for the heads up! It will certainly be a change for all of us using AWS, but we'll see if this also affects 1Password's login filling here as well...

    As a bit of an aside, I wonder what perceived benefit multi-page logins have that so many sites are moving to this model — one notable exception being Bank of America, which recently got rid of their multi-page login process to use a single-page login. From a user perspective this is often very obnoxious, even without a password manager in the mix — it's just extra steps.

    But from a security perspective, it seems like it would be better (in the sense of it being completely opaque) to have a single login form with all necessary fields and then return a simple 'YEP' or 'NOPE' when it's submitted. If you enter login credentials on separate pages, it can tell you (information leakage FTW) that the username and/or password are correct, and then if you fail on the TOTP code exclusively, you know you just need to grab the guy's phone when he's drunk, er...I mean grab a new TOTP code from your own phone. Yeah that's it! :pirate:

    Maybe @jpgoldberg can weigh in here and tell me what I'm missing. :unamused:

  • Right now I know I can press "command \" and pull 1password's login pop up, but when it prompts me to add my 2FA code, is there another keyboard shortcut I can use?

    Thanks


    1Password Version: 5.3.2
    Extension Version: Not Provided
    OS Version: OS X 10.10.5
    Sync Type: Dropbox
    Referrer: forum-search:shortcut two factor

  • Vee_AG 1Password Alumni

    Hi @nicolml,

    I've merged your post into an existing thread about this feature request. There is not currently a keyboard shortcut for TOTPs because 1Password currently cannot auto-fill them. But we do hope to add this feature in a future update, and I have added your vote to this request in our internal tracker. Thanks! :)

    ref: OPX-758

  • mbd Junior Member

    +1.

    I need to use OTP several times a day, and reducing the number of keystrokes to enter a password and token combo would be most helpful.

This discussion has been closed.