Filling One Time Passwords

dtearedteare Agile Founder

Team Member

So I have a little confession to make here: it's been a really busy month and so the only website that I tested filling of Time-based One Time Passwords (TOTP, aka 2FA, aka those numbers you need to type in when asked) was github.com. It was the first alpha so I thought that was a fine starting point. :)

To make future alphas better I need some help with the other sites out there that support one time passwords. I have a Google account and a Amazon Web Services account, so I'll be fine testing those. There's many more out there, however. If you have a site that won't fill your TOTP when you ask 1Password to, please let me know in this thread. I'll need to see the HTML for the page so please include it (ctrl click on the page and select View Source). If it's for a site that allows people to signup for free, just including the signup URL will be easier for all of us.

Thanks everyone!

«13

Comments

  • dtearedteare Agile Founder

    Team Member

    Weird...on Amazon Web Services I found we're failing to even generate the one time password, let alone fill it. I'll try to get that fixed up for the second alpha.

  • My FastMail account does not seem to have the TOTP filled automatically. Unfortunately, the URL is static. You have to successfully submit the username and password to reach the TOTP prompt.

    Site: https://www.fastmail.com/login/

  • beyerbeyer

    Team Member
    edited June 2017

    @Fooligan: Thanks for letting us know! We will be sure to check out this website as we are expanding the TOTP functionality.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • brentybrenty

    Team Member
    edited June 2017

    PayPal. It's a weird one because of the hoops you have to jump through to set it up in 1Password, but I figure this is the right audience...and we may learn something from the page at least... ;)

    https://www.paypal.com/auth/twofactor?returnUri=signin&state=returnUri=http%3A%2F%2Furi.paypal.com%2FWeb%2FWeb%2Fcgi-bin%2Fwebscr%3Fvia%3Dul&state=%3Fcmd%3D_account&country.x=US&locale.x=en_US&nonce=2017-06-21T16:55:02ZFbHJDuAHrK9QKmITT-lGQhTeva57qjSutZXJ1GBtHsk&stsReturnUrl=https://www.paypal.com/signin&mkey=authContext:bdb7161f68a94bd1958886eac2b9491b

    <!DOCTYPE html><!--[if lt IE 9]><html lang="en" class="no-js lower-than-ie9"><![endif]--><!--[if lt IE 10]><html lang="en" class="no-js lower-than-ie10"><![endif]--><!--[if !IE]>--><html lang="en" class="no-js"><!--<![endif]--><head><!--Script info: script: node, template:  , date: , country: , language: web version: content version: hostname : rZJvnqaaQhLn/nmWT8cSUjOx898qoYZ0LPVVBggesceeki295KWwxo/ppoPbsMcM0X6Eew54WsErlogid : --><!--Script info: script: node, template:  , date: Jun 21, 2017 09:53:27 -07:00, country: US, language: en web version:  content version:  hostname : rZJvnqaaQhLn/nmWT8cSUjOx898qoYZ0LPVVBggesceeki295KWwxo/ppoPbsMcM0X6Eew54WsE rlogid : nMtBIApfvtmcSYyrna436gWmsTOfE8GjxbaxYq%2Bewlj3ZacdGyoeFjIAluVKcI0YoEONLjAZ2ppnRaI7%2FAz7hsTFJ2%2BO44Pg_15ccb92b2c0 --><meta charset="utf-8" /><title></title><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><meta name="application-name" content="PayPal" /><meta name="msapplication-task" content="name=My Account;action-uri=https://www.paypal.com/us/cgi-bin/webscr?cmd=_account;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="msapplication-task" content="name=Send Money;action-uri=https://www.paypal.com/us/cgi-bin/webscr?cmd=_send-money-transfer&amp;send_method=domestic;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="msapplication-task" content="name=Request Money;action-uri=https://personal.paypal.com/cgi-bin/?cmd=_render-content&amp;content_ID=marketing_us/request_money;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="keywords" content="transfer money, email money transfer, international money transfer " /><meta name="description" content="Transfer money online in seconds with PayPal money transfer. All you need is an email address." /><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1, user-scalable=yes" /><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/css/app.css" /><!--[if lte IE 9]><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/css/ie9.css" /><![endif]--><script src="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/lib/modernizr-2.6.1.js"></script><style id="antiClickjack">body {display: none !important;}</style><script>if (self === top || /\.paypal\.com$/.test(window.parent.location.hostname)) {var antiClickjack = document.getElementById("antiClickjack");antiClickjack.parentNode.removeChild(antiClickjack);} else {top.location = self.location;}</script></head><body class="desktop" data-view-name="twofactor"data-template-path="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/templates/US/en/%s.js"data-csrf-token="fFecnXIKLCva2tVN0KU56JmVwH7o9qJlUQveU=" data-locale="en_US"><noscript><p class="nonjsAlert" role="alert">NOTE: Many features on the PayPal Web site require Javascript and cookies.</p></noscript><!-- id should be first parameter --><div id="main" role="main"><section id="security" data-role="page" data-title="Type in Your Code"><div class="corral"><div id="content" class="contentContainer contentContainerLean"><header><p class="paypal-logo paypal-logo-monogram">PayPal</p></header><div id="notifications" class="notifications"></div><h1 class="headerText">Type in Your Code</h1><p id="hardTokenHeader">To get a new code, press the button on your Security Key (Serial number VSST29264342).</p><form action="/auth/twofactor" method="post"  class=""name="2fa"autocomplete="off" novalidate><input type="hidden" id="token" name="_csrf" value="fFecnXIKLCva2tVN0KU56JmVwH7o9qJlUQveU="><div class="textInput " id="security-codediv"><div class="fieldWrapper"><label for="security-code" class="fieldLabel">Security Code</label><input id="security-code"name="security-code"type="number"class="hasHelp validate"value=""     autocomplete=   "off"           placeholder=    "Security Code"                 data-validate=  "security-code"     /></div><div class="errorMessage"id="security-divErrorMessage"><p class="emptyError hide">Type in your code.</p><p class="invalidError hide">Your code should be 6 numbers.</p></div></div><p class="tryAnotherMsg">Don’t have a key handy? <a id ="tryAnotherOption" href="https://www.paypal.com/auth/stepup?returnUri=signin&amp;state=returnUri%3Dhttp%253A%252F%252Furi.paypal.com%252FWeb%252FWeb%252Fcgi-bin%252Fwebscr%253Fvia%253Dul%26state%3D%253Fcmd%253D_account&amp;country.x=US&amp;locale.x=en_US&amp;nonce=2017-06-21T16%3A50%3A55Z_U1iuPRuxZvW172FE9bkPJlo9GddV6Lc91ABfaJifis&amp;stsReturnUrl=https%3A%2F%2Fwww.paypal.com%2Fsignin&amp;stepupContext=twofactor&amp;flowContext=2fa" class="inlineLink scTrack:authchallenge-tryAnotherOption">Try another way</a></p><div class="actionsSpaced"><input id="btnCodeSubmit"  name="btnHardTokenSubmit"  type="submit" value="Continue" class="button" /></div></form></div></div><footer class="footer" role="contentinfo"><ul class="footerGroup"><li><a href="/us/cgi-bin/webscr?cmd=_help">Contact Us</a></li><li><a href="/us/webapps/mpp/ua/privacy-full">Privacy</a></li><li><a href="/us/webapps/mpp/ua/legalhub-full">Legal</a></li><li><a href="/us/webapps/mpp/country-worldwide">Worldwide</a></li></ul></footer></section></div><div class="transitioning hide"></div><script data-main="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/config" src="https://www.paypalobjects.com/web/res/309/ca47ad801c0df1585a852d1d3826b/js/lib/require.js"></script><script src="//www.paypalobjects.com/pa/js/pa.js"></script><script>(function(){if(typeof PAYPAL.analytics != "undefined"){PAYPAL.core = PAYPAL.core || {};PAYPAL.core.pta = PAYPAL.analytics.setup({data:'pgrp=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&page=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&qual=hardToken&tmpl=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&pgst=1498064007872&lgin=&vers=&calc=bceb8797c575a&rsta=en_US&pgtf=Nodejs&s=ci&ccpg=&csci=6d12499e32a743a6a7fb6a3f1b74c743&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&pxpguid=&goal=&fltp=&flnm=&erpg=&erfd=&eccd=&cust=&acnt=&aver=&rstr=&pfid=&bztp=&mbtp=', url:'https:\/\/t.paypal.com\/ts'});}}());</script><noscript><img src="https:https://t.paypal.com/ts?nojs=1&pgrp=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&page=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&qual=hardToken&tmpl=authchallengenodeweb%2Fpublic%2Ftemplates%2Ftwofactor.dust&pgst=1498064007872&lgin=&vers=&calc=bceb8797c575a&rsta=en_US&pgtf=Nodejs&s=ci&ccpg=&csci=6d12499e32a743a6a7fb6a3f1b74c743&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&pxpguid=&goal=&fltp=&flnm=&erpg=&erfd=&eccd=&cust=&acnt=&aver=&rstr=&pfid=&bztp=&mbtp=" alt="" height="1" width="1" border="0"></noscript></body></html>
    
  • dtearedteare Agile Founder

    Team Member

    That's perfect! Thank you, @brenty.

    @Fooligan: for FastMail can you do me a favour and inspect the 2FA field and take a screenshot for me? I mainly care about the input field itself but seeing the surrounding content is also helpful. If you could position the screen just right you should be able to fit the inspected input field as well as the login page itself like so:

    Thanks!

  • dtearedteare Agile Founder

    Team Member

    Ok, things have gotten much better in 0.7.3 with these two changes:

    [IMPROVED] Can now fill 2FA codes on PayPal, GMail, and Amazon Web Services.
    [FIXED] Can now display 2FA codes for Amazon and other sites that don't use a full URL for storing the secret.

    Please verify it works for you and keep the bug reports (along with pics of the 2FA token input field being inspected like above) coming! <3

  • @dteare

    Here is a screen capture with input field selected. Let me know if you need more detail.

  • dtearedteare Agile Founder

    Team Member

    That's perfect! Thank you so much, @Fooligan. I made a change that should help and it will be available in the 0.7.4 release. I likely won't be publishing that until the weekend, however, as 0.7.3 just went out.

    Thanks again!

  • dtearedteare Agile Founder

    Team Member

    @Fooligan: Please give 0.7.4 a go and see if it fixes this for you.

    Thanks! <3

  • @dteare: It works! Thanks for getting this in the new app so quickly.

    There is on caveat. The submit button does not work until a character is removed and then added. This has already been noted here.

  • brentybrenty

    Team Member

    Looking forward to improvements there as well. :):+1:

  • dtearedteare Agile Founder

    Team Member

    Awesome! Thanks for letting me know. At the risk of overpromising, I am working on the "can't submit after filling" issue today. With any luck I'll actually fix it, too! :)

  • No worries. I hate being nit picky. But, I know that you and the team strive for perfection. So, I just want to make sure you know about the small things too.

  • brentybrenty

    Team Member

    "Little things" matter a lot. Keep it up! :)

  • @dteare and @brenty, @Fooligan said it best, and one of the reasons I love this app:

    But, I know that you and the team strive for perfection

    I know the the One Time Password wouldn't fill when I used Mac Rumors, and that was the only site I found so far. Other seem to work like a charm.

  • beyerbeyer

    Team Member

    Thanks! I'll take a peek under the hood of MacRumors and see what we can find out.

  • @beyer I found another site, live.com (for outlook and Hotmail users). With that site, nothing fills. It's one of those logins that the 1st screen shows to put the user name, the next the password, then the OTP from there. But nothing fills at all.
    On my Mac, it auto-fills, but I do have to click on the extension each time for each screen.

  • beyerbeyer

    Team Member
    edited June 2017

    @prime: Thanks, we are taking a look at live.com as well!

  • Thanks @beyer! Much appreciated!

  • beyerbeyer

    Team Member

    :):+1:

  • dtearedteare Agile Founder

    Team Member
    edited June 2017

    @prime: I just published 0.7.5 and you managed to make not just one but two appearances in the changelog! :)

    You can now fill one time passwords at MacRumors! And Live.com works for the email, password, and one-time passwords as well. The only slight quirk on Live.com is you have to manually add a character and then delete it after filling the OTP before Microsoft will allow the form to be submitted. I know why this is happening and hope to improve it in a future update.

    Thanks again for all your help! Keep the feedback coming! <3

  • @dteare works GREAT and happy I was on the changelog twice :)

  • beyerbeyer

    Team Member
    edited June 2017

    @prime: You deserved it! Thanks for letting us know it's working for you as well.

  • @beyer, I wasn't expecting a fix this fast at all. You 2 need a day off, GO REST! :)

  • beyerbeyer

    Team Member
    edited June 2017

    :blush::+1: Don't worry I took a full day off yesterday. Not to mention it's @dteare working all the magic!

  • dtearedteare Agile Founder

    Team Member

    Monday's and Wednesday's are my busiest "life" days, so I mentally need to work on the weekend to make ends meet. :)

    Glad it's working for you! I'm going to go fix that quirk with the 2FA code on Live.com right after I catch up on the forums here.

  • For some reason, I am not able to fill in any 2F codes with version 0.7.5?

    I have tried on the following web sites:

    • FastMail
    • Amazon
    • Google

    I tried in Google Chrome and Chromium:
    Google Chrome Version 59.0.3071.109 (Official Build) (64-bit).
    Chromium Version 58.0.3029.110 Built on Ubuntu , running on Ubuntu 16.04 (64-bit)

  • beyerbeyer

    Team Member

    Hey @Fooligan:

    Thanks for letting us know. It looks like I'm experiencing some inconsistent results with the websites you listed as well. I'm going to troubleshoot this further and I'll send you a message if we deem additional information from you would be beneficial.

    Cheers :)

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • dtearedteare Agile Founder

    Team Member

    Thank you, @Fooligan! I just fixed this on my machine. This issue was a bit weird as I swore I made these exact code fixes already. I must have reverted them by accident when rolling back some other changes.

    The change should be included in the 0.7.6 release later this week – maybe even tonight, depending on how busy life is after I pick up my kids from school. :)

    Take care and thanks again for the bug report!

  • The perils of Git strike again!

    Thanks.

This discussion has been closed.