Designate field as 2FA/security question auto-copy

johnclay
johnclay
Community Member

While 1Password now copies 2FA tokens automatically, this only works on websites with up to date systems and proper 2FA. On older, or poorly designed websites, where the "2FA" is just a static security question or code, designating static text as an OTP doesn't work at all.

It would be much appreciated if there was a way to auto-copy a second password after auto-filling the first password - or better yet, auto-fill 2 password fields.

An example of this would be the Otis eService (http://eservice.otis.com) page. Upon successful login, you're prompted on the same page to enter the answer to a security question. Another example would be the President's Choice MasterCard website (https://online.pcmastercard.ca/PCB_Consumer/Login.do?LAN=EN). Upon successful login from a new computer, you are prompted to enter the answer to a security question.

Thanks!


1Password Version: 6.8.1
Extension Version: Not Provided
OS Version: 10.13
Sync Type: iCloud

Comments

  • Lars
    Lars
    1Password Alumni

    Hi @johnclay -- thanks for the thoughtful request; I can see you put some time into it! And yes, there are still some websites out there that have yet to adopt current security practices around 2SV/security questions. I can't speak for either of those two particular websites, but I'm wondering in either case if our instructions for websites with multiple pages would be of use for you? I can't think of anything else we have currently that might be of immediate benefit to you with such logins. Let us know if you have any success with those steps. I'll definitely mention your suggestion to our dev team, but I have to be honest when saying that even without being a coder myself, I have an idea of the amount of work it would take to create such a thing and have it work successfully -- it's an entire additional layer of filling logic. That's not to say we couldn't do it, just that it may not be in the cards anytime soon, as we've got quite a few other priorities on our plates right now, and hopefully the number of websites using this older, less secure method of secondary verification will continue to decrease. However, I'll add your voice and keep your eye on the updates and our blog -- you never know! :)

  • johnclay
    johnclay
    Community Member

    @Lars Unfortunately that won't work, as it supposes there is only one password. The issue is that there are 2 passwords required to login.

    A seemingly simple way to implement this would be to have a field (like the existing OTP field-type) that is auto-copied. It would not need to be parsed by 1P like the OTP field is, just copied upon auto-filling the saved password.

  • Lars
    Lars
    1Password Alumni

    @johnclay -- OK, thanks for the suggestion. I'll make sure the devs see it. Cheers! :)

This discussion has been closed.