Filling One Time Passwords

2

Comments

  • In git's defence I was doing some huge refactorings and a few of them went sideways and I had to abort. Without git I don't think I'd ever survive! With that said, I learned long ago to avoid stash and to keep my branching to a minimum. Git can handle those just fine but I can't! :)

  • prime
    prime
    Community Member

    Facebook doesn't work, it fills in my email/username for the OTP.

  • beyer
    beyer
    1Password Alumni

    @prime: Thanks for letting us know about issues filling your TOTP on Facebook. I've fixed this and we should have this change in the next build. We greatly appreciate you taking the time to help us test various websites!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • prime
    prime
    Community Member

    @beyer not a problem at all. My might try others (that I don't use much) to make sure they work for you guys.

  • beyer
    beyer
    1Password Alumni
    edited July 2017

    Awesome! :) :+1:

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • prime
    prime
    Community Member

    @beyer Dropbox does the same as Facebook, puts my login/email address in the spot of the OTP.

  • beyer
    beyer
    1Password Alumni

    @prime: I haven't used my Dropbox account in quite a while (ever since I started using a 1Password.com account). I'm ashamed to admit I didn't have two-step verification set up. However, my account is more secure now, and I've created a fix to fill a TOTP on Dropbox.com correctly. This change should be part of our next build. Thanks!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • prime
    prime
    Community Member
    edited July 2017

    @beyer I only remembered because I thought I would try it out for this. I haven't used Dropbox either since my 1Password account too. I use Mega now for syncing info between my devices since they offer end to end encryption.

  • beyer
    beyer
    1Password Alumni
    edited July 2017

    It appears my change for Dropbox.com inadvertently fixed Evernote.com as well. Like you, I'm in the process of trying every login I have that supports TOTP. :) :+1:

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Fooligan
    Fooligan
    Community Member
    edited July 2017

    FYI,

    TOTP on https://www.betterment.com/ does not fill correctly.

    In general, I have been quiet since the extension has been working pretty well for me. I have notices a few bugs, but others have started forum threads for those issues.

    EDIT: Included inspector attachment

  • beyer
    beyer
    1Password Alumni

    Hey @Fooligan,

    Thanks for letting us know and especially providing the screenshot! Oh my, did you see the id they are using on that input field? web_second_factor_authentication_verification_code is quite the mouthful. I'll submit a fix for this tonight and pending approval it will be in the next build of 1Password for Chrome.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • vivekkrish
    vivekkrish
    Community Member
    edited August 2017

    Hello,

    Thank you very much for accepting my request to be part of the 1Password for Chrome OS beta program! Really liking the new interface and plugin.

    I use a service called https://privacy.com, which can generate per-site or per-transaction "virtual" credit cards (that are backed by a bank account), which uses TOTP based 2FA.

    Similar to the report from a user above regarding Facebook, where 1password fills in the "username" in place of the TOTP code, I'm experiencing a similar issue on privacy.com.

    Here is a screenshot of this page:

    And, below is the snippet of the HTML source code of the <form /> as seen on the TOTP code page:

        <div class="step ng-binding">
            <h1>Two-Factor Auth</h1>true<!-- ngIf: twoFactorAuth -->
            <p class="ng-scope">Enter your time-based one-time access code</p><!-- end ngIf: twoFactorAuth --><!-- ngIf: !twoFactorAuth -->
            <form class="ng-pristine ng-invalid ng-invalid-required ng-valid-maxlength" id="form" method="post" name="form" novalidate="" role="form">
                <div class="error-description ng-binding ng-hide"></div>
                <div class="fields">
                    <label><span>Code</span><input autofocus="" class="text -large -monospace -uppercase ng-pristine ng-empty ng-invalid ng-invalid-required ng-valid-maxlength ng-touched" maxlength="6" name="token" placeholder="000000" required=""></label>
                </div>
                <div class="controls">
                    <button class="primary" name="submit" type="text">Complete Log in</button><!-- ngIf: twoFactorAuth -->
                    <div class="ng-scope">
                        <p><input class="ng-pristine ng-untouched ng-valid ng-empty" id="rememberDevice" name="rememberDevice" type="checkbox"><label for="rememberDevice">Remember this device for 30 days</label></p>
                        <p><a>Lost your 2FA device?</a></p>
                    </div><!-- end ngIf: twoFactorAuth -->
                </div>
            </form>
        </div>
    

    Hope this information is sufficient to fix the login flow.

    Thank you!

  • beyer
    beyer
    1Password Alumni

    Hey @vivekkrish,

    Welcome to the 1Password for Chrome beta and our Support Forum!

    I've taken a look at what you've posted (which was perfect) and created a fix for this website on my machine. This fix should be included in our next release of 1Password for Chrome.

    Thanks for your help! Let us know if you find any other websites that have issues filling an OTP.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • huppie
    huppie
    Community Member
    edited August 2017

    While I don't really use the TOTP feature of 1Password I figured I'd give it a quick try because this is a beta after all...

    I found an issue with the TOTP my broker (degiro.nl) asks. The relevant HTML piece:

    <form action="#" method="POST" autocomplete="off" class="otp-verification__form___3aQCI form__form___q2r5R"><div class="input__inputControl___1uxe7 otp-verification__formControl___3esFm form__formControl___2rQW7 form__formLine___2fPOu"><div class="input__inputFieldWrapper___2uHtW"><input type="tel" id="0.18868595353197515" name="oneTimePassword" required="" autofocus="true" autocomplete="off" value="" placeholder="012345" class="input__inputField___3oVZK typography__bodyText___vvcwl index__baseTextStyle___3wqh1 input__inputFieldCenter___3fUZP otp-verification__formControlInput___3frjZ typography__h2___2qMID typography__bodyText___vvcwl index__baseTextStyle___3wqh1" data-com.onepassword.iv="" maxlength="7"></div></div><div class="otp-verification__formLine___2B6iC form__formLine___2fPOu"><button type="submit" class="button__button___h_oAL typography__bodyText___vvcwl index__baseTextStyle___3wqh1 button__buttonInactive___3LgNJ " disabled="">Verifieer GA-code</button></div></form>

    Although they gave the input field a phone number type ('tel', seriously?) it should be easy to recognize I guess because the name of the input field is "oneTimePassword".

    Edit: I'm sorry, I don't know how to format this any better.

  • dszp
    dszp
    Community Member

    So I'm testing this in Chrome on macOS because I don't own a Chromebook (though I'm contemplating buying a used one to test with)...and it's quite nice! However, the TOTP autofill didn't work on the site I tried it on so far, which is one of our internal tools we use at work for storing customer documentation, IT Glue. The login page is https://indeedit.itglue.com and the TOTP field appears below the user/password fields after submission when TOTP is enabled for an account. I can pull some details if needed since you wouldn't be able to see it without credentials; let me know what you need. Not a super high priority, just wanted to report :-)

  • beyer
    beyer
    1Password Alumni

    Hey @dszp & @huppie,

    Thanks for reporting these sites! I'll take a look at them and see what adjustment needs to be made to get these filling properly.

    Enjoy the rest of your weekend!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • greew
    greew
    Community Member

    Hi :smile:

    2FA isn't working in GitLab self-hosted in 1P 0.8.4

    Cheers!

    /Jesper

    GitLab Self-hosted

  • beyer
    beyer
    1Password Alumni

    Hey @greew,

    Thanks for the screenshot, that's exactly what we need! I`ll take a look and hopefully get this fixed in the next release.

    Have a great rest of your week!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • greew
    greew
    Community Member
    edited September 2017

    Ok, I've now got the 0.8.5 plugin, but still I don't get the TOTP in the field when using self-hosted GitLab. When using the plugin, I get my email address (username) instead of the TOTP.

    What exactly is the workflow to get a TOTP field filled out with the correct value?

    Edit: Ok, I have tested the workflow in GitHub and the TOTP is correctly filled there. Then there must still be issues with the self-hosted GitLab.

  • beyer
    beyer
    1Password Alumni

    Hey @greew,

    Bummer, sorry about that. :(

    I've created an issue and I'll double-check with a test account to see if I can reproduce the issue. If I can't, I'll let you know so we can dig for more information.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

    ref: b5x-39

  • greew
    greew
    Community Member

    OTP works flawlessly with Digital Ocean - great! :+1:

  • beyer
    beyer
    1Password Alumni

    Great! :) :+1:

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • ThatChris
    ThatChris
    Community Member

    It pastes the username again rather than the 2FA code at protonmail.com/protonvpn.com.

  • beyer
    beyer
    1Password Alumni

    @ThatChris: Thanks! I've already fixed ProtonMail (on my machine at least), but surprisingly there's something different with the login form on ProtonVPN that is causing an issue. I'll add this to my list and hopefully get you a fix out in the next release.

    Have a rockin' week!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • beyer
    beyer
    1Password Alumni

    @greew: I broke down and set up my own Gitlab self-hosted site via docker. Our latest release 0.9.1 has some changes that should support TOTP filling, but please let me know if it's not working for you.

    @ThatChris: ProtonMail should work for sure, but please let me know if it doesn't. On ProtonVPN, it's going to depend on how your item was created but there's a good chance TOTP filling is working for you there as well.

    Thanks for your help, we greatly appreciate your feedback.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Manaburner
    Manaburner
    Community Member

    I've just tried to use a login with TOTP (github.com) and after filling the username and password, the "Authentication code" screen is displayed and nothing is filled until I click the 1P icon in the menu bar again and select the Github item. Then it fills the TOTP. Is this how it is supposed to work?

  • beyer
    beyer
    1Password Alumni

    @Manaburner: At the moment, yes. We have some ideas to make further improvements in the future, so stay tuned for more updates.

    I hope you have a pleasant weekend.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Manaburner
    Manaburner
    Community Member

    @beyer
    thank you for clarifying.
    Have a nice weekend too. :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • greew
    greew
    Community Member

    @beyer Yup, I can confirm that the GitLab TOTP works with 0.9.2 :+1:

    Thanks a lot! :)

This discussion has been closed.