Skip to main content
zcutlip
April 30, 2022
Question

Accounts where TOTP code should be appended (or prepended) to the password

  • April 30, 2022
  • 63 replies
  • 2444 views

This may be a bit of a corner case request, but here goes...

There are some websites (looking at Etrade.com!) where the 2FA TOTP code needs to be silently appended to the password in the same field. There is no visual indication to remind you that a 2FA code is required, and if you forget it just tells you you entered the password wrong[1].

Another example is the login page to opnsense (and maybe pfsense?) router/firewall software. You can enable 2FA on your router, but then have to remember to concatenate the TOTP code just like on etrade.

It would be nice if I could edit or otherwise flag that login item so 1Password knows to automatically concatenate the password and the 2FA code for me so I don't forget.

[1] Admittedly, there's a "use security code" checkbox that reveals a 2FA field, but if you've remembered to check that box, you've remembered you need a 2FA code, so that's not really the issue


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

63 replies

DenalB
July 23, 2024

@1P_Evon

Can you provide examples of websites you've encountered that require a one-time password to be entered with a password into one field?
https://1password.community/discussion/106003/special-2fa-on-mailbox-org
https://1password.community/discussion/117820/paste-totp-code-directly-behind-my-password

In short:
https://login.mailbox.org/en

The password field has to be filled with a 4 digits code (password) followed by the latest TOTP code.

1Password Employee
July 23, 2024

@DenalB,

Thank you for providing the examples. 🙂

-Evon

August 19, 2024

@1P_Evon

Thank you for the report! Can you provide examples of websites you've encountered that require a
one-time password to be entered with a password into one field?

-Evon

Just to add another example, we use pfSense for our VPN, which requires TOTP + PIN.
https://www.netgate.com/blog/freeradius-on-pfsense-for-2fa

1P_Dave
1Password Employee
August 19, 2024

@btr

Thank you for the example! So that the team can look into this further, could you please send the page structure of the webpage in question to our support team? Follow these steps:

  1. Open the website in question until you can see the password/PIN field that you're referring to.
  2. Right-click on the page and click "1Password - Password Manager" > Help > Collect Page Structure.

Attach the resulting JSON file to an email message addressed to support+forum@1password.com.

With your email please include:

You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!

-Dave

August 20, 2024

Hi @1P_Dave

I use the standalone https://openvpn.net/client/ client for Windows to connect to our VPN, so I need to manually copy/paste the TOTP value from 1Password.

Taking my hand off the mouse to type the PIN before pasting the TOTP each time is the annoying part.

1P_Dave
1Password Employee
August 21, 2024

@btr

Thank you for the clarification. I've passed your use case along to the team. 🙂

-Dave

ref: PB-41768991

zcutlip
zcutlipAuthor
September 10, 2024

Hi, it's been a while since I checked in on this thread (I'm the original poster for this one).

I'm seeing requests for examples, so I'll go ahead and mention again the website that brought me here to start with: etrade.com.

The Etrade login dialogue has an optional checkbox for to reveal a third entry field for the security code. However this doesn't help the case where you forget you've got a 2FA code on this site, or you're using 1Password to auto-fill the login.

See attached screenshot.

I'll also second (third?) the OpnSense firewall (and I suspect PFSense as well?).

Bhellx
October 7, 2024

I just ran into this while attempting to add MFA to our Sophos VPN. It wants it appended to the password, so please consider adding this feature. Any reason a user has to NOT use our password manager works against our user adoption efforts. We are very pleased with 1password and your efforts to make improvements.

1P_Dave
1Password Employee
October 7, 2024

@Bhellx and @zcutlip

Thank you for those examples! I've passed them, and your feature requests, along to the team. 🙂

-Dave

ref: PB-43137491
ref: PB-43137543

October 18, 2024

My team would be a +7 looking for this feature to be implemented in all 1Password apps. The "dynamic password" mockup proposed by @melorama looks perfect! We would use this for login to Sophos firewall portals and when using the VPN app. Password is a concatenation of our network password plus the one-time password (ie. Password123456). Currently we need to juggle the app to copy/paste multiple values before the OTP expires.

  • Dave