Accounts where TOTP code should be appended (or prepended) to the password

Bringing back this thread from the dead…I just experienced another case on iOS where none of these workaround work. I recently deployed PiKVM units to assist with system administration tasks, and want to use its built in VNC server to connect to the KVM on my iOS devices. I’m using the “bNVC Pro” client, which is recommended by the PiKVM maintainers, and in order to authenticate to the VNC server when you have 2FA enabled, you need to append the TOTP to the account password when logging in via VNC.

Turns out you can’t do this easily using 1Password on iOS, because as an app, the authentication autofill process doesn’t seem to behave in the same way that it does in Safari. I still have to manually copy and paste the password and OTP separately, which is incredibly difficult to do.

Please give serious consideration to adding the “dynamic password” functionality which I posted a mockup of in this thread 3 years ago. It wouldn’t be surprising if many people disable OTPs on their accounts because it’s such pain to handle these types of situations on mobile devices. 

Bhellx

Thanks for following up. The feature request is still open with our product team but I don't have any news to share. Hopefully this is a use case that can be better accommodated in the future.

-Dave

ref: PB-43137543

Just checking in: How close are we to a checkbox / setting that appends the OTP to the password? Is this item on a development map of does it just live in this forum? Do we ever hear back from the product team?

melorama

When turning off the 1Password extension on your iOS device, is there an option at the bottom of the window to Share across devices?

Turning off 1Password for Safari was a temporary step to check if you can autofill from the 1Password app instead. You can re-enable the 1Password extension in Safari and continue to use the Autofill from the app by selecting your item from above the keyboard.

On another note, if you'd like to turn off the Autosubmit specifically for your OPNsense Login item, here are the steps:

1. Open Safari.
2. Tap the extensions icon in Safari's address bar and select 1Password.
3. Tap your Login item.
4. Tap the three dots and select Don't sign in automatically.

Here's a screenshot for reference:

Let me know how that goes.

-Evon

Oh dear, I spoke too soon. As it turns out, turning off the extension will turn off the extension for ALL devices that are logged in to the same iCloud account. So when I disable the 1Password extension on my iOS device, the Safari extension on my Macs also become disabled (and vice versa).

So this is still a kludgey "workaround" (albeit admittedly so far the simplest workaround) until either OPNsense, USAA et. al., all start redesigning their login forms to have dedicated OTP fields (https://github.com/opnsense/core/issues/6310), or 1Password adds a custom "dynamic field" option, as mentioned earlier in the thread.

melorama

You're welcome. I'm glad to hear that helped. 🙂

-Evon

1P_Evon Ah, thanks for that tip! That definitely helps ease some of the pain of logging in via Safari on iOS.

melorama,

Thank you for your reply. Could you please temporarily turn off 1Password for Safari and make sure you are auto-filling directly from the 1Password app? Keep in mind that while the 1Password app auto-fills, it does not automatically submit your information- that feature is exclusive to 1Password for Safari. Moreover, auto-filling from 1Password for Safari does not copy the one-time password.

1. Open the Settings app on your iOS device.
2. Tap Apps > Safari > Extensions > 1Password.
3. Turn off Allow Extension.

After that, navigate to the website and select the Login item or key icon 🔑 above the keyboard to Autofill from the 1Password app.

Let me know how that goes.

-Evon

1P_Evon The issue with that—at least with the current version of 1Password on iOS (8.10.56)—is that 1Password will autofill the password field, and also submit the login form at the same time it copies the OTP code to the clipboard. This results in the password field becoming reset due to the submitted password being incorrect. So you never get a chance to prepend the copied OTP code to the auto-filled password before the login form gets auto-submitted.

In which case, you'd need to manually switch back to the 1Password app, copy the OTP field, switch back to Safari, paste in the code, then switch back to 1Password, copy the Password field, switch back to Safari, tap the password field, try to manually move the cursor to the end of the previously entered OTP code, long press to bring up the "Paste" option, tap on "Paste", then tap on the "Login"button.

Oh, and you have to make sure that you do all of this before the TOTP code expires. And you also have to completely disable the Autofill feature in the iOS settings, which severely limits the convenience of using 1Password on iOS.

So I effectively cannot login to my OPNsense router on iOS unless I either completely disable Autofill, or if I insecurely manually concatenate the OTP and static Password in a notes app or something via copy paste from the 1Password app, then manually copy/pasting the concatenated password back into the Safari password field. And again, trying to do this all before the OTP code expires.

melorama, Thank you for bumping the thread. I'm sorry you're experiencing difficulties filling in your Login for OPNsense on your mobile device. I've shared your comment with our product team.

If you're using iOS or Android, when you utilize the autofill feature from the 1Password app, the one-time password will be automatically copied to your clipboard as long as Copy One-Time Passwords is toggled on in the app settings. After that, you can paste the code before or after the auto-filled password. Are you experiencing different behaviour?

-Evon