How to auto-fill 2FA static password?

On my broker's website I need to enter a numeric PIN after my password to login. The website for the broker is kite.zerodha.com
The login URL for both the password and pin is same but the page "changes". I have tried to make a custom field with "PIN" as the name but it didn't work. 1Password suggests to save a new login with new password or update the current password for the website.

I am using 1Password X on Firefox in Windows. I face the same issue on my Android device as well.

Some images that might help.



1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @iamharshkumar97 ,

    I am unable to get to that PIN field since I don't have a real account on the website, but I think you provided enough information here to show the issue as it is.
    The problem with that field is that it does not have a name or an ID tag. It only has a label and a placeholder, but they do not define the field or give it a proper pointer for 1Password.

    If adding a custom field called "PIN" and setting it as a password field did not help, then there's not much to be done here except contacting their support and asking them to properly design this field with a name and/or id (e.g. name="PIN", id="oneTimeCode"). Then you should be able to work with that custom "PIN" field.

    On a different note, I don't quite understand what is the purpose of this pin code field. If it is the same static password every time, how is it 2FA? The whole point is to add another layer of defence that is not static, so that if someone steals your credentials he won't have the current relevant changing 2FA, but with this static PIN field your credentials can be stolen and that PIN field would be just as useless as your password since it is also stolen. Perhaps I'm missing something here but it seems like an unnecessary step, unless they make it a true 2FA with a one-time-passcode.

  • iamharshkumar97
    iamharshkumar97
    Community Member

    Thank you @Yaron
    I have contacted the developers regarding this but I don't have much hope that they will do something.

    But I did get a response as to why they use this. Apparently the market regulators made it mandatory to use static PIN historically and gave permission for TOTP last year. The broker of course did not inform the users.

    Anyways I am shifting to TOTP now.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Glad to hear you are able to switch to proper TOTP's @iamharshkumar97 !

    Feel free to let us know if you need further assistance with anything else :chuffed:

This discussion has been closed.