Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
How to prevent one-time code from autofilling?
I'd like to use 1password for my authenticator, but not if it autofills the 6 digit code. That completely removes the security I need. Is there a way to prevent the autofilling of this informatio...
Hi paulcola,
I'm sorry logging into the Community was so onerous! If we can be of any help, please don't hesitate to email community@1password.com and we're happy to assist. I appreciate you persevering to share what functionality you're looking for.
Hilarious. I had to create a second account just to answer this question. I'm the OP with a different user because my password didn't work. I changed it by using Forgot Password. But when entering the new password, it wouldn't let me in (said it didn't recognize user or password). Then I changed it again, same thing. This along with many other weird ways 1password has acted during my testing (too many to list) has driven me away from using it. But i appreciate your response.
I wanted to at least say if I ever got a browser hijack (which has happened), then having the browser produce the 6 digit one time code completely removes the security that 2FA offers. If someone gets a hold of my laptop and gets into my browser, they don't need my phone to log into my sites. If a hacker hijacks my browser, they have instant access to anything I have (had) access to.
Anyway, if you reply and I don't, it's probably 1password community locking me out again for whatever reason. lol. Thanks for your time!
I wanted to at least say if I ever got a browser hijack (which has happened), then having the browser produce the 6 digit one time code completely removes the security that 2FA offers.
There are several browser compromise scenarios with different risks. Probably the worst and most common is token stealing, from which no previously used authentication process will protect.
I'm struggling to imagine the scenario in which you are using the 1Password extension in the browser and have all the credentials for a web site stored in 1Password, but autofilling (only) the TOTP code adds a risk.
Storing TOTP keys and passkeys outside 1Password mitigates risks not obviously related to autofilling at the cost of convenience and simplicity.
Using separate browser profiles, not storing site data beyond the session, and establishing a habit of logging out of sites and services goes a very long way to protect against many current realistic threats - even having your laptop stolen while in active use by an adversary wanting to access your data, which I hope is very unlikely in your case.
PS. I sympathise with your authentication struggles for reasons I won't mention here out of sympathy for poor, kind, and patient 1P_SimonH​.
