Skip to main content
zcutlip
April 30, 2022
Question

Accounts where TOTP code should be appended (or prepended) to the password

  • April 30, 2022
  • 63 replies
  • 2444 views

This may be a bit of a corner case request, but here goes...

There are some websites (looking at Etrade.com!) where the 2FA TOTP code needs to be silently appended to the password in the same field. There is no visual indication to remind you that a 2FA code is required, and if you forget it just tells you you entered the password wrong[1].

Another example is the login page to opnsense (and maybe pfsense?) router/firewall software. You can enable 2FA on your router, but then have to remember to concatenate the TOTP code just like on etrade.

It would be nice if I could edit or otherwise flag that login item so 1Password knows to automatically concatenate the password and the 2FA code for me so I don't forget.

[1] Admittedly, there's a "use security code" checkbox that reveals a 2FA field, but if you've remembered to check that box, you've remembered you need a 2FA code, so that's not really the issue


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

63 replies

1P_Dave
1Password Employee
May 15, 2024

@motivio

I don't have any updates to share but I can share your request for this feature with the team. Are you able to provide examples of websites that you've encountered that require the password + TOTP to be entered into one field? 🙂

-Dave

May 31, 2024

The opnsense administration web ui can be configured to require TOTP in the form of either TOTP + password or password + TOTP (Opnsense is an internally hosted router). One could manually assemble TOTP + password, but due to the ease with which 1password's "Save login" could overwrite my password with the recently entered TOTP + password combo, I'm forced to not use 1password for this site.

Please include my vote for this TOTP + password feature

1P_Tommy
1Password Employee
June 4, 2024

I've added you as a requester @knuggy14

ref: PB-40343498

June 30, 2024

Add me on this?

USAA, when configured with the "CyberCode Token" log-on method, takes a 4-digit static PIN + 6-digit TOTP token.

1Password Employee
July 4, 2024

@legowerewolf!

Thanks for sharing those details! I've submitted your request to the Product team.

-David

ref: PB-40789636

July 17, 2024

+1

This is even more important since Auto Fill again automatically submits username and password. For every website, where OTP is pre/appended I have to manually copy and paste username, password and OTP. Before the recent change in behavior, I would only have to copy and paste the OTP.

Can you please, please, please implement this?

1Password Employee
July 17, 2024

@Arno_Gramatke,

Thank you for the report! Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?

-Evon

ref: pb-40960303

July 17, 2024

Yes, the OPNsense login. We are working with a lot of these appliances and policy demands using 2FA.

https://docs.opnsense.org/manual/how-tos/two_factor.html#step-7-using-the-token

July 17, 2024

@1P_Evon It looks like a lot of people need this. And this request has been made in the forums for quite some time. What is the reason that this still has not been implemented? It would make my life a lot easier. ;-)

1P_Dave
1Password Employee
July 17, 2024

@Arno_Gramatke

Thank you for providing that example. I've passed it, and your request, along to the team internally.

Which features are implemented (and when) depends on a variety of factors that include: consideration for our existing product roadmap and planned features, urgent bug fixes that need to be prioritized over feature requests, available development resources, other customer feedback, and more.

-Dave

ref: dev/core/core#28432
ref: PB-40969463