Forum Discussion

klepp0906's avatar
klepp0906
Dedicated Contributor
4 years ago

Can someone shed some light on an inconsistency with the otpauth/totp protocol relative to Rift

In general 1passwords OTP has been great (so long as i disable darkreader it will pick up the QR codes without fuss :P) Its super convenient and I intend(ed) to exploit it to its fullest. AKA make it my one stop shop for all things that is security.

Unfortunately I've ran into some speedbumps. Companies like blizzard, glyph, daybreak, steam, and many others decided to make a proprietary application purely for that sole purpose (and siphoning data im sure, cause of course).

Anyhow, many of these ive been able to extract the secret key via applications like winauth and the like and get them into 1Password.

A few are hanging me up. At current its namely steam and glyph. From what I can gather, with steam this is due entirely to 1Password not supporting alphanumeric and only numbers. Devs seem to be stonewalling everyone requesting the addition, meanwhile each and every password manager I know of supports it. I guess you guys are aware that few people are going to unsub and go through migrating all their data over being inconvenienced by steamguard eh?

anyhow, I dont mean to be abrasive. Its an annoyance and a rather big one to me as a user over something trivial but something something about perspective.

the glyph OTP is a bit more confusing and thats what I meant to have as the focus of my post, pre digressing on a rant. winauth gives me otpauth://totp/Trion:Trion?secret=MYSECRETKEY&digits=8&issuer=Trion which is pretty generic/cookie cutter at first glance. I didnt expect any trouble.

It appears glyph OTP are only 6 numbers long, not 8. No idea why winauth is giving me 8 when the gui itself in winauth only presents 6 and as such, works as an authenticator.

1Password on the other hand is doing a few things wonkily. If i leave the digits as 8, the first 6 are correct and the last 2 cant be entered in the trion launcher as it only takes 6. Copy/pasta is no bueno, you'd be forced to enter it manually each time and ignore the last 2.

This was going to be my potential compromise but i quickly realized 1Password was somehow for some reason falling out of sync after a change or two or giving me the wrong OTP. Anyone know why this would be? It was purely with this specific entry. All my other OTP's are/were fine so not a time/date thing.

I tried changing the digits to 6 but it seems that 1Password then begins taking from the end and omits the first 2 digits instead of the last 2 in the OTP.

just hoping perhaps a user has had some experience with the trion worlds OTP for rift and might be able to point me in a different direction.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

windows

3 Replies

Sort By
  • DenalB's avatar
    DenalB
    Super Contributor
    4 years ago

    Actually, I have to use apps for Steam, Glyph and Battle.net to get notifications or OTPs in these apps. I would also like to have all OTPs in 1 app. It would be great if 1Password would be the one to get them all. 👍

  • klepp0906's avatar
    klepp0906
    Dedicated Contributor
    4 years ago

    From what I understand steam uses the same TOTP as everyone else, they just use some code to convert some of the numbers into corresponding letters.

    Either way, nothing can be done without intervention on your end, or valve's - at least without changing to another password manager.

    as for rift, they are all numbers so no idea whats going on or why i cant get that one functioning properly beyond the first number cycle or two.

    can you tell me if digits in totp are always read backwards? aka if I had a code that was 12345678 and I had digits=5 in my string would it be picked up as 12345 or 34567? trying to ascertain whether or not the behavior im seeing is due to 1password, due to the way the protocol works, or due to something else altogether (trion/glyph's implementation)

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team
    4 years ago

    Hey klepp0906:

    Great question. We've discussed adding support for non-standard OTP implementations, but as it currently stands it's something we're unlikely to do. Because Valve is expecting that the authenticator app is the one they've released, if they were to make a change in the future that renders our algorithm inaccurate, you could potentially be locked out of your Steam account. I have a Steam account with many games too, and I'd love to keep all my one-time passwords in a single app, but if Valve or Glyph wants you to use their specific app for two factor authentication, we think we should respect that decision.

    Advocating for services to implement standards based one-time passwords is the best we can do for the moment.

    Jack