Skip to main content
zcutlip
April 30, 2022
Question

Accounts where TOTP code should be appended (or prepended) to the password

  • April 30, 2022
  • 63 replies
  • 2444 views

This may be a bit of a corner case request, but here goes...

There are some websites (looking at Etrade.com!) where the 2FA TOTP code needs to be silently appended to the password in the same field. There is no visual indication to remind you that a 2FA code is required, and if you forget it just tells you you entered the password wrong[1].

Another example is the login page to opnsense (and maybe pfsense?) router/firewall software. You can enable 2FA on your router, but then have to remember to concatenate the TOTP code just like on etrade.

It would be nice if I could edit or otherwise flag that login item so 1Password knows to automatically concatenate the password and the 2FA code for me so I don't forget.

[1] Admittedly, there's a "use security code" checkbox that reveals a 2FA field, but if you've remembered to check that box, you've remembered you need a 2FA code, so that's not really the issue


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

63 replies

1P_Dave
1Password Employee
October 21, 2024

@ckwebz

Thank you for the feedback! I've filed your request with our product team. 🙂

-Dave

ref: PB-43597300

December 12, 2024

Just bumping this request again, as I just realized how much worse this is when trying to login to my OPNsense router while using a mobile device! It’s only a minor annoyance on a desktop computer, where you can quickly switch between apps (or by using a macro based system with the CLI tool, as I mentioned earlier in this thread). But on mobile it’s next to impossible!

1Password Employee
December 13, 2024

@melorama, Thank you for bumping the thread. I'm sorry you're experiencing difficulties filling in your Login for OPNsense on your mobile device. I've shared your comment with our product team.

If you're using iOS or Android, when you utilize the autofill feature from the 1Password app, the one-time password will be automatically copied to your clipboard as long as Copy One-Time Passwords is toggled on in the app settings. After that, you can paste the code before or after the auto-filled password. Are you experiencing different behaviour?

-Evon

January 9, 2025

@1P_Evon The issue with that—at least with the current version of 1Password on iOS (8.10.56)—is that 1Password will autofill the password field, and also submit the login form at the same time it copies the OTP code to the clipboard. This results in the password field becoming reset due to the submitted password being incorrect. So you never get a chance to prepend the copied OTP code to the auto-filled password before the login form gets auto-submitted.

In which case, you'd need to manually switch back to the 1Password app, copy the OTP field, switch back to Safari, paste in the code, then switch back to 1Password, copy the Password field, switch back to Safari, tap the password field, try to manually move the cursor to the end of the previously entered OTP code, long press to bring up the "Paste" option, tap on "Paste", then tap on the "Login"button.

Oh, and you have to make sure that you do all of this before the TOTP code expires. And you also have to completely disable the Autofill feature in the iOS settings, which severely limits the convenience of using 1Password on iOS.

So I effectively cannot login to my OPNsense router on iOS unless I either completely disable Autofill, or if I insecurely manually concatenate the OTP and static Password in a notes app or something via copy paste from the 1Password app, then manually copy/pasting the concatenated password back into the Safari password field. And again, trying to do this all before the OTP code expires.

1Password Employee
January 9, 2025

@melorama,

Thank you for your reply. Could you please temporarily turn off 1Password for Safari and make sure you are auto-filling directly from the 1Password app? Keep in mind that while the 1Password app auto-fills, it does not automatically submit your information- that feature is exclusive to 1Password for Safari. Moreover, auto-filling from 1Password for Safari does not copy the one-time password.

  1. Open the Settings app on your iOS device.
  2. Tap Apps > Safari > Extensions > 1Password.
  3. Turn off Allow Extension.

After that, navigate to the website and select the Login item or key icon 🔑 above the keyboard to Autofill from the 1Password app.

Let me know how that goes.

-Evon

January 9, 2025

@1P_Evon Ah, thanks for that tip! That definitely helps ease some of the pain of logging in via Safari on iOS.

1Password Employee
January 9, 2025

@melorama

You're welcome. I'm glad to hear that helped. 🙂

-Evon

January 9, 2025

Oh dear, I spoke too soon. As it turns out, turning off the extension will turn off the extension for ALL devices that are logged in to the same iCloud account. So when I disable the 1Password extension on my iOS device, the Safari extension on my Macs also become disabled (and vice versa).

So this is still a kludgey "workaround" (albeit admittedly so far the simplest workaround) until either OPNsense, USAA et. al., all start redesigning their login forms to have dedicated OTP fields (https://github.com/opnsense/core/issues/6310), or 1Password adds a custom "dynamic field" option, as mentioned earlier in the thread.

1Password Employee
January 9, 2025

@melorama

When turning off the 1Password extension on your iOS device, is there an option at the bottom of the window to Share across devices?

Turning off 1Password for Safari was a temporary step to check if you can autofill from the 1Password app instead. You can re-enable the 1Password extension in Safari and continue to use the Autofill from the app by selecting your item from above the keyboard.


On another note, if you'd like to turn off the Autosubmit specifically for your OPNsense Login item, here are the steps:

  1. Open Safari.
  2. Tap the extensions icon in Safari's address bar and select 1Password.
  3. Tap your Login item.
  4. Tap the three dots and select Don't sign in automatically.

Here's a screenshot for reference:

Let me know how that goes.

-Evon

Bhellx
January 14, 2025

Just checking in: How close are we to a checkbox / setting that appends the OTP to the password? Is this item on a development map of does it just live in this forum? Do we ever hear back from the product team?