Two step verification and Evernote.

I'm using 1Password 7.0.1 I have two step verification created and active with my Evernote account. The TSV is using Google Authenticator. In1Password, where I have created the onetime password there appears a green Google Icon in a pulldown menu. There also appears an orange screen at the top, which says "Two-Factor Authentication Available. This website supports 2FA (according to twofactorauth.org), but you haven’t enabled it. View Instructions…"

In additon the Evernote login information appears in "Inactive 2FA". I've verified that the TSV is working by logging into my Evernote account. Why is the login information appearing in the inactive section? And how do I correct this?


1Password Version: 7.0.1
Extension Version: 1Password X 1.7.3
OS Version: 10.13.4
Sync Type: Cloud
Referrer: forum-search:Evernote twostep

Comments

  • Greetings @Stacey63,

    It kind of sounds as if you're saying your TOTP code is stored in a separate item rather than being part of the Evernote Login item. Would I be correct at all in this? The way we imagine TOTP working is the TOTP details are stored in the same Login item so that when you're on that site you can easily locate the TOTP code, in fact if a Login item has TOTP details 1Password will copy the current code to the clipboard after you fill with that Login item, the idea being you will naturally need the code next. As 1Password saves the secret you can edit one item and copy the entire string over to the Evernote one. You will need to set the custom field type to One-Time Password so 1Password knows what to do with the string but once you do you should find it no longer appears in Watchtower.

    Here's an example Amazon item with no One-Time Password field.

    Here's another with a One-Time Password field.

    Here's what the item looks like when editing, with the contents of the One-Time Password field visible.

    If you create a new custom field of type One-Time Password and copy the entire string over you'll be able to confirm they're both generating the same secret and 1Password will know you've set up 2FA on Evernote.

    Does that help at all?


  • I think the question is if specifically Evernote will accept 1Password as it's 2FA application. When you're logged into your Evernote account on the web (which is the only place you can update your 2FA/OTP preferences, you MUST provide an mobile phone to receive a SMS short code, then they provide the option use "Google Authenticator" (enclosed screenshot). However, you can ignore the stated authentication app and just use 1Password, by picking one of the Google Authenticator options and exposing the QR code. What seems to work best for me is using the 1Password app on my phone, opening up my Evernote account add adding the OTP by hitting the QR code icon, which will pop open the camera so you can capture the code off your computer. It'll make sense once you try...

  • Hi @donsmith21,

    When sites reference Google Authenticator they're really talking about RFC 6238 which is what 1Password also supports. Any site that offers Google Authenticator as an option will work with 1Password as well.

    This is a separate issue though to the one being asked. If a user prefers a separate application to handle the 2FA codes, such as Google Authenticator or Duo then 1Password will incorrectly display a message about 2FA being available for a particular site as can be seen in the first image of my previous reply. 1Password cannot interact with the other app to know you have 2FA activated and working, it can only infer that if your Login item in 1Password either stores a TOTP secret or you can the 2FA tag to tell 1Password to ignore it for this Login item. To see this you would need to activate 2FA using the likes of Google Authenticator and not 1Password.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file