2 Step Authentication

Hello,

I am wondering if anyone can assist?

Does this: https://support.1password.com/one-time-passwords/ mean that we can use 1Password (using Chrome Browser) to automatically fill in the 2 Step Authentication code for websites that we have this set up for?

ie. Instead of me having to go to my Authenticator app in my phone, get the 6 digit code, and then manually enter it it, that 1Password will automatically enter it in for me (I am using LastPass Authenticator app in my iPhone)?

Is that what this is saying, or is it something else?

Would be great if that is the case.

Kind regards,

Anthony


1Password Version: Not Provided
Extension Version: 1.81
OS Version: Windows 7 Pro
Sync Type: Not Provided

Comments

  • protozzx0
    protozzx0
    Community Member

    Hi @Swishy888

    Yes, that is the case :-)

  • Swishy888
    Swishy888
    Community Member

    Oh, WOW, that is awesome!! :)

  • Swishy888
    Swishy888
    Community Member

    Just tried it on one site, and it is working :)

    Although I note that the code in 1password is about 20 seconds behind my authenticator app - ie. even though my app has changed to xxx xxx , the code in 1Password is showing the previous code - ie. yyy yyy , however it still seems to work ?

  • Hey @Swishy888! As @yokk kindly confirmed, 1Password X now autofills your TOTP codes. It's really awesome! 🙂

    Since you're seeing different codes between 1Password and other authenticator apps, I'd suggest double-checking the current time set for each device. The time must be the same on each device in order for the codes to be generated in sync with each other.

  • Swishy888
    Swishy888
    Community Member

    Thanks @DaltonD :)

    One quick question.

    If my phone is no longer needed for 2 step auth, isn't this a security issue though?

    Kind regards,

    Anthony

  • Swishy888
    Swishy888
    Community Member

    Also, another thing - coming back to:


    @Swishy888
    Although I note that the code in 1password is about 20 seconds behind my authenticator app - ie. even though my app has changed to xxx xxx , the code in 1Password is showing the previous code - ie. yyy yyy , however it still seems to work ?

    @DaltonD
    Since you're seeing different codes between 1Password and other authenticator apps, I'd suggest double-checking the current time set for each device. The time must be the same on each device in order for the codes to be generated in sync with each other.


    I have now confirmed that my computer and iphone are showing the same time.

    What I have since discovered is that the code in my authenticator app is different to the code in the 1password application (Windows) which is different again to the code in 1password X (Chrome)

    I am therefore having issues using the code that is being generated in 1Password X

    So I think there is an issue here.

    Anyone able to advise?

    Kind regards,

    Anthony

  • AGAlumB
    AGAlumB
    1Password Alumni

    If my phone is no longer needed for 2 step auth, isn't this a security issue though?

    @Swishy888: It depends on your perspective, and your threat model. Using 1Password to store the authentication token securely is going to be safer (both security-wise and as far as availability) for most people. But certainly if you'd prefer to keep it separate you can do that too. Just keep in mind it's sort of irrelevant if you also have 1Password on the phone you're using for the authenticator app anyway. ;)

    What I have since discovered is that the code in my authenticator app is different to the code in the 1password application (Windows) which is different again to the code in 1password X (Chrome) I am therefore having issues using the code that is being generated in 1Password X

    @Swishy888: It may be that there's something non-standard about the TOTP secret, or we could have a bug. Would you be able to disable TOTP for that account and share it with us so we can test it to see if there's a discrepancy?

  • Swishy888
    Swishy888
    Community Member

    Hi @brenty

    Thank you for the reply :)

    In regards to:


    ANTHONY:
    What I have since discovered is that the code in my authenticator app is different to the code in the 1password application (Windows) which is different again to the code in 1password X (Chrome) I am therefore having issues using the code that is being generated in 1Password X

    @brenty:
    @Swishy888: It may be that there's something non-standard about the TOTP secret, or we could have a bug. Would you be able to disable TOTP for that account and share it with us so we can test it to see if there's a discrepancy?


    --> The issue is actually happening on multiple logins.

    Some are working, and some are not.

    I will review them on the weekend and will get back to you then.

    Kind regards,

    Anthony

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Swishy888: Thanks for getting back to me. Even just one concrete example may be helpful. We see issues with TOTP generation from time to time due to differences between devices' date/time/zone settings. Usually simply setting it manually works (in almost all cases, a Wi-Fi-only device is having trouble syncing the time correctly; happens much less with cellular). But 1Password X is fairly new and we have hit some odd edge cases with TOTP generation there which we've addressed, so it wouldn't shock me if there's something else we need to account for. I'd expect that the native apps would generate valid codes provided the system time setting is dead on, given that we haven't seen any issues with it there for years. But ultimately the only way to be sure is to test it. I look forward to hearing back from you.

  • Swishy888
    Swishy888
    Community Member

    Hi @brenty

    Thank you for the reply.

    I have set it up on 2 separate dropbox accounts.

    The code in LastPass Authenticator app in my iphone is about 20 seconds different to that in iPassword (for both).

    They are cycling through the same codes, just about 20 - 30 seconds apart.

    I can disable TOTP on one of the dropbox accounts, and send through logins to you - how did you want me to send the logins to you? Can I share it via 1Password somewhow?

    Kind regards,

    Anthony

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Swishy888: 1Password is just using your device time setting. Other apps sometimes phone home to their server, so that could account for the difference. I'm glad that the codes are at least consistent though. If you can invalidate your current TOTP secret and share it, that would be great. I'll send you a private message in a minute. :)

  • Swishy888
    Swishy888
    Community Member

    @brenty - messaged to you :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • AGAlumB
    AGAlumB
    1Password Alumni

    After testing this, I'm getting the same code between all versions when the time is in sync. But I did want to address this from earlier:

    Although I note that the code in 1password is about 20 seconds behind my authenticator app - ie. even though my app has changed to xxx xxx , the code in 1Password is showing the previous code - ie. yyy yyy , however it still seems to work ?

    In case it helps anyone else, most sites that use TOTP will accept codes in a window of +/- 30 seconds to allow for differences between their time and users' devices. That way, there's some wiggle room before a code expires, if your device time is "slow" and you're getting the code 20 seconds or so later than that the server expects. That "old" code will continue to be valid for a bit longer, and if your device is "fast" generally the next code will be accepted as well within a similar time frame. :)

  • Swishy888
    Swishy888
    Community Member

    Hi @brenty

    Just an update with this one.

    Most of my 2 Step auths with 1password are working.

    One oddity is the 2 step auth for actually 1password

    It isn't working at all now (which is weird, because I haven't changed phones, and it was working previous for me to set it).

    My time on my computer is correct - See: http://files.swishdesign.com.au/CPDnVpt

    I can log into 1password with out it (when going via the Google Chrome browser extension (it doesn't ask for 2 step via this way)).

    I then turned 2 step off, then went to re-enable it again, however I can't apply it, as it is saying it is the wrong 6 digit code when I enter it in (which is is the code generated by my phone from the new bar code I just scanned).

    Any ideas?

    Kind regards,

    Anthony

  • Swishy888
    Swishy888
    Community Member

    it's ok - I worked it out now . for some reason, my iphone was not telling the correct time

  • Thanks for the update, @Swishy888. I'm glad things are working for you now.

    It is odd your iPhone was showing the wrong time as it syncs with the Apple time servers by default. Do you have Set Automatically enabled in Settings > General > Date & Time? This support article from Apple describes this in more detail.

    ++dave;

  • Swishy888
    Swishy888
    Community Member

    Thanks @dteare :)

    I must have unchecked this previously when I was initially having issues.

    All good now (and enabled) :)

    Kind regards,

    Anthony

  • AGAlumB
    AGAlumB
    1Password Alumni

    I also tend to have similar problems on Wi-Fi-only devices (presumably since cellular allows continual time synchronization). Glad that did the trick for you! :)

This discussion has been closed.