Apple watch only shows one-time password and not regular password [improved in 7.2.2]

2

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2018

    I have to say, I'm still confused as to when/how the Apple Watch app itself is useful.

    @TheDave: (Edit: Oops! @-mentioned the wrong person here originally...) You're not alone! That is, I find it incredibly useful for a lot of other things, but we still don't have a good sense of how 1Password could best fit there...which is why we haven't mad a lot of big changes.

    I thought I might put a bit of critical information on my watch to help me out if my phone dies or is stolen while I'm traveling.

    Indeed, that at least seems to be the consensus. :)

    A few things that might be useful:
    My 1Password account. This seems like the #1 thing I will need because I can get everything else I need from here. Apple Watch only shows my username and password, no secret key. #fail. (No URL either, but I'll remember it, so probably not a big deal).

    That's a really good point, and I appreciate you bringing it up. For me, storing 1Password.com account information on my watch isn't an option, as I need to make sure I'm not in a position to give away access to company resources in a search when traveling. But certainly that's not the case for everyone. I don't think this is something we'll specifically address, but we would like to make it more flexible as far as what is or is not displayed, so that may help.

    My FastMail email account. I get only a TOTP code, but no URL, username or password. #fail. Again, I'll manage the URL and username, but I need both the password and the TOTP code to login.

    Another good example. I think I can relate to this one a bit better, since I treat my personal email as fair game for the TSA. Can't be helped. Also goes back to adding more flexibility with regard to what is displayed on the watch.

    On this topic, why do I mention needing the URL? Well, someone in my life was traveling and used Google to find FastMail, then ended up entering his credentials on the wrong site. I can imagine making the same mistake with services I use less frequently, and you could make this mistake too. Don't believe me? Quick, without a search engine, your flight was just rebooked and you need to login to get some details, what is the URL for the airline Jet Time?
    Maybe I'll try iCloud so that I can access my address book? I have my username and password, but unfortunately I use two-factor authentication which sends a popup or text to the phone I don't have. I know, I'll use my security questions! Sadly, I use randomly generated secure answers since security questions are inherently insecure. And they're not on the Apple Watch either, so #fail again.

    Great examples! I agree that these are things we need to take into consideration as we develop future versions. You may find Secure Notes useful for storing pretty much anything you choose on your watch in the mean time.

    My Passport details. #success all the needed details are here!!!

    I haven't yet met a government official (or even one at a duty free shop!) who will accept a digital copy of a passport, unfortunately. :lol:

    Ultimately I don't see how the 1Password app is ever really useful for those of us who use unique passwords for each site and also use TOTP. Even for day-to-date use, I'm just not seeing how/where this app solves any problem other than for very basic sites that only use a basic username/password.

    I use it all the time for TOTP and, honestly, for a lot of travel-specific Secure Notes.

    As for a solution, is there a technical reason you can't just show the entire 1Password record for all of the normal data fields? I don't think we need the metadata (tags, dates, web form details, password history), but pretty much all of the rest seems like it would be very useful to have.

    Not really a technical reason, but security and usability reasons: Apple Watch data is encrypted by iOS/watchOS, not your Master Password, so we intentionally limited what was sent there, so that someone stealing your watch doesn't get all of your login credentials along with the TOTP code; and honestly it would be a nightmare for most of us to have to enter our Master Password on that tiny screen if the data were encrypted with it. It also wasn't clear how its security would stand up at first. Apple has added some important security features though (iCloud lock and full app support) which weren't available at all for a while. And while we have a better sense now of what risks there are to data on the Apple Watch, it's almost certainly going to be less secure than using 1Password the iPhone, so we do want to continue to treat it cautiously. With that in mind, while we'd also like more flexibility, we really need to figure out reasonable defaults and how to present users with clear information about the risks if we allow them to be overridden. Otherwise a lot of people will just dump everything on there, and may regret it later. It's an interesting design problem, but we love those. :)

  • TheDave
    TheDave
    Community Member

    For me, storing 1Password.com account information on my watch isn't an option, as I need to make sure I'm not in a position to give away access to company resources in a search when traveling.

    I tend to agree. I disable the 1Password Apple Watch support (removing the data from the keychain), and power down both the watch and iPhone completely when I approach any situation where I may be searched. The rest of the time, I'm content with Apple's level of security. This especially applies to the Apple Watch as someone cannot grab it while I'm using it (unlocked) and run since it re-locks immediately.

    Another good example. I think I can relate to this one a bit better, since I treat my personal email as fair game for the TSA. Can't be helped. Also goes back to adding more flexibility with regard to what is displayed on the watch.

    From a legal standpoint, not even border security can access data stored on the cloud without your consent, only items and data on your person are subject to search. Again, I trust the above process will protect me should a border guard be unaware of the limits of their authority.

    I haven't yet met a government official (or even one at a duty free shop!) who will accept a digital copy of a passport, unfortunately. :lol:

    You haven't? Every time I enter either Canada or the US, I'm required to write down my passport number and it turns out I'm free to obtain it digitally rather than pulling out the physical passport. It's also useful to have the full details if you ever lose it and need to visit an embassy for assistance.

    http://www.ipadforums.net/threads/canadian-man-allowed-to-cross-us-border-with-ipad-scan-of-passport.59495/ is another example, although if you look into the case, they didn't accept the copy on his iPad, rather, they used the information to look up the details in their own system and permitted the travel on that basis.

    I use it all the time for TOTP and, honestly, for a lot of travel-specific Secure Notes.

    Do you memorize your passwords?

    Apple Watch data is encrypted by iOS/watchOS, not your Master Password

    Understood. Is there any evidence that watchOS can be accessed in any fashion other than the UI, or that it is less secure that iOS on modern hardware under the same conditions (unlocked, PIN locked, freshly booted without first PIN activation)? At least as of the S2 chip (Series 1 and newer), there is a hardware based secure enclave similar to that on iOS which has consistently defeated all known/published attempts to break into it.

    Keep in mind the level of security really only needs to perform to a certain level, otherwise one should create a situation where one cannot access external resources at all, even if they are compelled to do so.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I tend to agree. I disable the 1Password Apple Watch support (removing the data from the keychain), and power down both the watch and iPhone completely when I approach any situation where I may be searched. The rest of the time, I'm content with Apple's level of security. This especially applies to the Apple Watch as someone cannot grab it while I'm using it (unlocked) and run since it re-locks immediately.

    @TheDave: Yup! Likewise. :) :+1:

    From a legal standpoint, not even border security can access data stored on the cloud without your consent, only items and data on your person are subject to search. Again, I trust the above process will protect me should a border guard be unaware of the limits of their authority.

    Well...the key word there is "consent": I think a lot of us — myself included — will consent to a search when the alternative is being detained seemingly indefinitely.

    You haven't? Every time I enter either Canada or the US, I'm required to write down my passport number and it turns out I'm free to obtain it digitally rather than pulling out the physical passport. It's also useful to have the full details if you ever lose it and need to visit an embassy for assistance.

    That's a really good point. I was referring to cases where you we to actually present the documents to an official. Certainly if you're already past that stage though it can be handy to pull up the info for reference when filling out forms.

    http://www.ipadforums.net/threads/canadian-man-allowed-to-cross-us-border-with-ipad-scan-of-passport.59495/ is another example, although if you look into the case, they didn't accept the copy on his iPad, rather, they used the information to look up the details in their own system and permitted the travel on that basis.

    Well, in the US the police won't accept me giving them my drivers license or insurance number so they can look it up in their computer, even though its obviously something they have access to. Glad to hear that Canadian hospitality is alive and well though. :lol:

    Do you memorize your passwords?

    Just the one. ;)

    Seriously though, I use the 1Password app to sign in "from scratch", since I'll need the username and password and some other info. I really don't have any hope of typing those in in a reasonable amount of time (like, reading from my watch). At that point it's faster for me to use my iPhone or something.

    Understood. Is there any evidence that watchOS can be accessed in any fashion other than the UI, or that it is less secure that iOS on modern hardware under the same conditions (unlocked, PIN locked, freshly booted without first PIN activation)? At least as of the S2 chip (Series 1 and newer), there is a hardware based secure enclave similar to that on iOS which has consistently defeated all known/published attempts to break into it.

    watchOS and the Apple Watch hardware can use strong encryption just as iOS devices do, but it's important to keep in mind that most people are going to use weaker device passcodes than they do Master Passwords — especially in their watch. And since that's what the data is encrypted with, we need to keep that in mind when designing and using 1Password there.

    Keep in mind the level of security really only needs to perform to a certain level, otherwise one should create a situation where one cannot access external resources at all, even if they are compelled to do so.

    I'm not sure I follow you here, so let me know if there's something else we haven't covered above. Cheers! :)

  • TheDave
    TheDave
    Community Member

    watchOS and the Apple Watch hardware can use strong encryption just as iOS devices do, but it's important to keep in mind that most people are going to use weaker device passcodes than they do Master Passwords — especially in their watch. And since that's what the data is encrypted with, we need to keep that in mind when designing and using 1Password there.

    Given that they have exactly 10 tries to crack a 6 digit code, and the secure enclave itself enforces this limit, this would seem to be sufficient security if appropriate opsec is maintained. Part of that is not entering your PIN where it might be observed by a camera.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Given that they have exactly 10 tries to crack a 6 digit code, and the secure enclave itself enforces this limit, this would seem to be sufficient security if appropriate opsec is maintained. Part of that is not entering your PIN where it might be observed by a camera.

    Totally. And I think that's sufficient for most people. But I do think it still behooves us to consider that this is still a very different level of security that what we're accustomed to with the other 1Password apps — and not everyone will be using those security settings either. We just want it to be sufficiently safe for people to use "out of the box", both with regard to 1Password's default configuration and also iOS/watchOS. With 1Password for iOS or 1Password for Mac, there are just fewer factors involved overall.

  • noelbernie
    noelbernie
    Community Member

    Any update on this?

    Not having the username and password if an OTP is on file is both inconsistent and inconvenient.

    Inconsistent: if there is a concern of security, why have removed the PIN option on Watch (a year ago or so)? why can I see my full iCloud login and password (with Apple’s 2FA), my credit card pin but not my Google’s ones (saved with Google’s 2FA)?

    Inconvenient: I don’t know any of my passwords apart from the 1Password. Your WatchTower is pushing for strong passwords everywhere. Not seeing the password on watch severely limits its usefulness (I almost completely stopped using it).

    Result: I now only use the watch app for iCloud credentials on occasions where my phone puts a modal window requesting password that can’t be dismissed, or to remember a credit card pin if I don’t have my phone.

    Expected: let me see these full credentials. Make it an option if necessary. Allows me to be able to log in to important sites if my phone battery is depleted or phone not on me.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Any update on this? Not having the username and password if an OTP is on file is both inconsistent and inconvenient.
    Inconsistent: if there is a concern of security, why have removed the PIN option on Watch (a year ago or so)?

    @noelbernie: Many people use two-factor authentication because they want a second factor. Having the login credentials and TOTP on the watch negates that aspect. Certainly though some people are okay with that, so it may be an option we add in the future.

    why can I see my full iCloud login and password (with Apple’s 2FA),

    You can't. Apple's Two-Factor Authentication uses the OS for push notifications and one-time passwords. It's not something you can use 1Password for, as 1Password supports the TOTP standard.

    my credit card pin but not my Google’s ones (saved with Google’s 2FA)?

    Credit card PINs are static, and therefore cannot be used as a second factor; they're just part of the card details.

    Inconvenient: I don’t know any of my passwords apart from the 1Password. Your WatchTower is pushing for strong passwords everywhere. Not seeing the password on watch severely limits its usefulness (I almost completely stopped using it).

    I find it useful as I have a number of accounts that will still ask me for my TOTP code periodically even though I'm already logged in (in order to maintain my session), but I can see how it may be inconvenient for you if you're relying on only your watch times when you need to login to a website. I just wouldn't want to have to type these passwords either way — whether they're on my watch or not. TOTP codes are considerably easier in that regard. But it's good to get a sense of how you're using 1Password.

    Result: I now only use the watch app for iCloud credentials on occasions where my phone puts a modal window requesting password that can’t be dismissed, or to remember a credit card pin if I don’t have my phone.
    Expected: let me see these full credentials. Make it an option if necessary. Allows me to be able to log in to important sites if my phone battery is depleted or phone not on me.

    It's not something we're going to change mid-cycle, but we'll keep it in mind when developing future versions. Thanks for sharing your feedback and use case! :)

  • proinsias
    proinsias
    Community Member

    Just adding my two cents – I would also like the option to have the credentials and the 2FA code available. If nothing else, I found it strange that logins without the 2FA code would show the credentials, and those with do not, and it wasn't obvious why not.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @proinsias: That's a good point. Thanks for letting us know your preference. :)

  • caspararemi
    caspararemi
    Community Member

    Hi guys,
    I came across this thread while checking if I'd done something wrong setting up my syncing with the Watch app, or that there was a serious bug with the app!

    It seems really weird not to allow logins with 2FA to show you the username & password. I usually use the watch to bring up my password for when I'm logging into a new computer, for example at work. It's great to have the code on there, but one needs the username/password first in order to get there, otherwise you might as well just use your phone.

    Please consider showing the username & passwords above or below the 2FA code so you can scroll with the crown to view both.

    Hope you're able to implement this at some point!

  • twilsonco
    twilsonco
    Community Member
    edited June 2018

    I have a suggested implementation:

    • For an Apple Watch item with a 2FA (one time password) code, the user can force-touch to reveal an option, "Show credentials".
    • When the user selects "Show credentials," they have to enter a PIN number that can be set in the Apple Watch settings in the iPhone 1P app.

      • This pin could also be set via a new field in the item itself in the 1P app, "Apple Watch Pin" or something, but this sounds like overkill, but would provide maximum security to have a per-item pin.
      • More likely, a global pin would suffice, but food for thought
    • After a correct pin is entered, the user credentials are shown

    This way, both authorization factors aren't in the hands of a potential Apple Watch thief.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @caspararemi: Thanks for the feedback! It's something we'll be looking at as we develop future versions of the watch app. :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    For an Apple Watch item with a 2FA (one time password) code, the user can force-touch to reveal an option, "Show credentials".

    @twilsonco: I really like this idea personally, but we've also heard from a number of folks who like that only the TOTP code is sent to the watch since that actually allows it to be a second factor. Sending all the credentials there negates that. So it really depends. Food for thought.

    When the user selects "Show credentials," they have to enter a PIN number that can be set in the Apple Watch settings in the iPhone 1P app.

    Our Apple Watch app actually used to have its own PIN, but since it isn't possible (yet?) to do crypto in a watch app this approach doesn't offer good security. So in later versions we changed it so that 1Password for Apple Watch requires the watch to have a PIN set, so that can be used by the OS to encrypt the data.

    The watchOS "erase data" setting also helps (and is smart enough that you won't accidentally wipe your watch in your sleep). Anyway, we'll see what we can come up with for future versions. :)

  • TheDave
    TheDave
    Community Member

    It occurs to me that the option to push certain items to Apple Watch could be a three way switch: No/Login/Login+TOTP, such that all users get what they want.

    While I'm not a fan of the idea of a separate PIN, there is no reason it needs to be cryptographically secure, an app-enforced PIN is sufficient to defend against "Physical access to the unlocked watch" while it won't help "Physical access to the watch with technical skills to access the device through the undocumented inaccessible port AND resources to break device level encryption".

    At least in my house, physical access to the unlocked watch is a very achievable goal as literally anyone in my house could pick up my Apple Watch when I'm not wearing it, then wait it until the next time I glance at my iPhone X (unlocking both the phone and watch). It would be trivial to accomplish while I'm in bed, in the shower, etc. In fact the easiest attack would be to sneak in while I'm sleeping, grab the watch, then phone me so that I unlock my phone while I answer. At this point they have unlimited access to my watch until/unless the wrist detection re-locks the device.

    It is unlikely that anyone I know would be able to defeat any further security mechanisms.

    Sure, I could set the watch to not unlock with my iPhone, but this only raises the bar slightly as my device PIN will need to be entered many times throughout the day and it is quite possible for someone to eventually observe me doing so.

    Obviously such a feature would need to be well described to indicate the level of security provided, but since it does not reduce real security, the only harm is a false sense of security and I think anyone paranoid enough for this to matter would not sync the data anyway.

    It also occurs to me that instead of the three way switch described above, the Apple Watch app could have a pair of checkboxes: "Require PIN for password" and "Require PIN for TOTP". These would apply to all items, and would allow me to choose what data requires an additional authentication step. I could display the TOTP freely, while restricting access to the password, again addressing all of the current concerns while making the Watch App actually fulfill the need of letting me login to a service.

  • AGAlumB
    AGAlumB
    1Password Alumni

    It occurs to me that the option to push certain items to Apple Watch could be a three way switch: No/Login/Login+TOTP, such that all users get what they want.

    @TheDave: That's a cool idea. I'm not sure that would be super user friendly (we hear from a lot of folks who run into issues from changing a setting and then forgetting about it), but I can see the appeal.

    While I'm not a fan of the idea of a separate PIN, there is no reason it needs to be cryptographically secure, an app-enforced PIN is sufficient to defend against "Physical access to the unlocked watch" while it won't help "Physical access to the watch with technical skills to access the device through the undocumented inaccessible port AND resources to break device level encryption".

    I think that's a better argument in a world in which only (and I mean only) TOTP codes are present on the watch. Otherwise I really have to disagree. The expectation is that when 1Password is "locked", it's data is encrypted. And since that isn't possible currently, we rely on the device passcode to fill that role. A separate PIN is also another something to forget. I think in the future if it's possible for us to do crypto on the watch ourselves, it could be reasonable to allow people to put anything they want there, and it would make more sense to have a separate PIN for 1Password to secure it all. But that's not where we're at today. :(

    At least in my house, physical access to the unlocked watch is a very achievable goal as literally anyone in my house could pick up my Apple Watch when I'm not wearing it, then wait it until the next time I glance at my iPhone X (unlocking both the phone and watch). It would be trivial to accomplish while I'm in bed, in the shower, etc. In fact the easiest attack would be to sneak in while I'm sleeping, grab the watch, then phone me so that I unlock my phone while I answer. At this point they have unlimited access to my watch until/unless the wrist detection re-locks the device. It is unlikely that anyone I know would be able to defeat any further security mechanisms. Sure, I could set the watch to not unlock with my iPhone, but this only raises the bar slightly as my device PIN will need to be entered many times throughout the day and it is quite possible for someone to eventually observe me doing so. Obviously such a feature would need to be well described to indicate the level of security provided, but since it does not reduce real security, the only harm is a false sense of security and I think anyone paranoid enough for this to matter would not sync the data anyway.

    I know where you're coming from, but "a false sense of security" is a terrible fit for a security product, even though that might be perfectly acceptable to you in your particular case. Those are all really great points, but not everyone shares your threat model. A lot to consider.

    It also occurs to me that instead of the three way switch described above, the Apple Watch app could have a pair of checkboxes: "Require PIN for password" and "Require PIN for TOTP". These would apply to all items, and would allow me to choose what data requires an additional authentication step. I could display the TOTP freely, while restricting access to the password, again addressing all of the current concerns while making the Watch App actually fulfill the need of letting me login to a service.

    I think that's easier to understand than a three way switch. I guess we'll have to see how things develop in future iterations of the watchOS SDK. But here's hoping that Apple introduces something lie DNA ID or fits Touch ID under the watch screen so we can have better convenience and security there. Those things could open up a whole world of possibilities. As always, thanks for the thoughtful feedback! :)

  • gvantass
    gvantass
    Community Member

    Please add me to the list of users who want the option to send both the passcode and the OTP to the Apple Watch. There are times when I forget my phone at home and want to access some of my 2FA accounts, like from work (we use shared computers, so I don't like to save my credentials there). Frankly, anywhere I can have 2fa, I have enabled it.

    In my perfect world, this would be able to be an option per entry from the iPhone to send to the Watch, and possibly be a Force Touch switch, so that the password is shown but the OTP is behind a force touch.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited July 2018

    Thanks for the feedback. Certainly something we're considering for future versions. :)

    ref: apple-1893

  • rctneil
    rctneil
    Community Member

    +6 for this too!!

  • @rctneil,

    how would you envision this working? page swipe? scroll? tap to switch between the two?

  • TheDave
    TheDave
    Community Member

    Sure, any of those would work.

    I think TOTP code first, with a scroll or tap to reveal more -- The reasoning being that if I only need one, it is safer to momentarily reveal a TOTP code publicly than to reveal my password.

    Another option would be to list all the available fields and tap to reveal a field (applying to both the password and TOTP code).

  • AGAlumB
    AGAlumB
    1Password Alumni

    it is safer to momentarily reveal a TOTP code publicly than to reveal my password.

    Good point. :)

    Another option would be to list all the available fields and tap to reveal a field (applying to both the password and TOTP code).

    With screens getting bigger, maybe that will be more feasible. But I failed in my efforts to procure the new model today, so I can only imagine.

  • TheDave
    TheDave
    Community Member

    I have a series 2 and the screen is easily big enough. I do think I see a series 4 in my future, but I think I'm going to give it a little bit of time before committing. Getting a cellular enabled watch has some perks though and my effective price will be just $5/month, so yeah...

    At any rate, even on the series 2 with a smaller screen, look at the main screen list of items? We can easily see multiple items and select the one that I want.

    Imagine when you tap on an item the next screen has the "< title" at the top (like today) and the list of fields below that match the same size/layout of buttons as the main screen list? Tapping on one of those items could bring up the item selected in a dedicated view showing just the one item.

    I'd love to load other fields from 1Password too (2FA recovery codes, other types of one-time passwords, my 1Password secret key, etc).

    Showing less information at a time on one screen is good too, if I'm looking for my email password and TOTP, there's a minor benefit if it doesn't display any information at all (just field names) until requested: Imagine I look up my email password or TOTP code while someone is taking photos/video to analyze later? The less information that they can capture the better, I'm ever so slightly safer if they only see my password (but don't grab my username and have no idea who I am or how to find it). Sure, if they have enough video they'll catch it wherever I am using that password, but why make it easier? Why display anything more than what field is explicitly needed at any moment?

  • AGAlumB
    AGAlumB
    1Password Alumni

    I have a series 2 and the screen is easily big enough. I do think I see a series 4 in my future, but I think I'm going to give it a little bit of time before committing. Getting a cellular enabled watch has some perks though and my effective price will be just $5/month, so yeah...

    Sounds good to me! :)

    At any rate, even on the series 2 with a smaller screen, look at the main screen list of items? We can easily see multiple items and select the one that I want.

    I personally find that to be true, but we also get a lot of feedback from folks who feel that it's too cramped currently. So it is something we need to consider.

    Imagine when you tap on an item the next screen has the "< title" at the top (like today) and the list of fields below that match the same size/layout of buttons as the main screen list? Tapping on one of those items could bring up the item selected in a dedicated view showing just the one item. I'd love to load other fields from 1Password too (2FA recovery codes, other types of one-time passwords, my 1Password secret key, etc).

    I think that sounds good, but it would mean a significant rewrite. It isn't something we're able to work on right now, but I do hope we can do more in this area in the future.

    Showing less information at a time on one screen is good too, if I'm looking for my email password and TOTP, there's a minor benefit if it doesn't display any information at all (just field names) until requested: Imagine I look up my email password or TOTP code while someone is taking photos/video to analyze later? The less information that they can capture the better, I'm ever so slightly safer if they only see my password (but don't grab my username and have no idea who I am or how to find it). Sure, if they have enough video they'll catch it wherever I am using that password, but why make it easier? Why display anything more than what field is explicitly needed at any moment?

    Agreed. Definitely things we can take into account as we develop future versions. Thanks for the suggestions! :)

  • TheDave
    TheDave
    Community Member

    Understood. This is definitely longer term planning and not an overnight change.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Absolutely, so it's good to discuss and think about. Personally I'm hoping that the Series 4 and watchOS 5 will be enticing enough for people (including myself) to get rid of Series "0" and maybe we'll have more to work with as a result. :)

  • 1binduwavell
    1binduwavell
    Community Member

    1P already sends username/password if there is not an OTP for an account I link with my Apple Watch, so clearly it is well understood that there is value for that use case. For example when logging in on a friends phone/computer.

    Once there is an OTP, I get leading with the OTP as in most cases (when I'm on my own machines, that is what I'm looking for.) However, not having the username/password for things with an OTP makes it so I can't login on computers where I don't have 1P setup without going to another computer or my phone.

    I would like to see entries with an OTP lead with the OTP but let me scroll with the crown down to see username and password.

    For now as a workaround, I guess I can have two accounts in 1P one with OTP and one without, both linked to my Apple Watch. Oof..

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited September 2018

    Thanks for sharing your thoughts. As mentioned previously, it's something we're considering for the future, if and when we redesign the watch app. Cheers! :)

    ref: apple-1007, apple-1893

  • AGAlumB
    AGAlumB
    1Password Alumni

    I think there's still room for improvement, but yep: @rudy snuck that one in. Glad to hear that helps! :)

    In case anyone has trouble with this, disabling and re-enabling "Add to Apple Watch" in the item will ensure that the data gets sent there. It may have only the TOTP code cached, since that's all it supported previously in that scenario. Cheers!

  • TheDave
    TheDave
    Community Member

    Looking good from here, thanks!

This discussion has been closed.