Setup verification codes

@shhh

Thank you for the suggestion! I can definitely see how 1Password in the browser detecting and offering to save one-time passwords for a website, even if you don't already have an existing Login item, would be useful and I've passed your request along to the product team.

-Dave

ref: PB-31067141

since 2FA one-time passwords are an additional factor

1P_Dave Well, I might have chosen to skip saving the item in 1Password on the login/password page but when I see the QR code I want to change my mind and save the item. I realize that the username/password is no longer available to 1Password but it could offer to create a new item with just the QR code and leave it to me to add the username/password later.

@shhh

I'm glad that you got it working and I'm sorry for the confusion. 🙂

This assumes that a Login item already exists for the site. If it does not, then I do not get that Scan QR code option

Yes, you'll need to have first saved a Login item for a website in 1Password before you see the "Scan QR Code" option when using 1Password for Safari since 2FA one-time passwords are an additional factor and require that you already have the primary factor (the website's password) saved in 1Password.

-Dave

Ah I see the issue. For some reason, Rudy's link above has the word denied: in front of otpauth:// which makes it invalid. When I remove that, it works fine. When I paste it in Safari, it asks to open in 1Password and presents a list of all Login items to search. When I pick an item, it pastes the seed into the one-time password field to generate the TOTP codes going forward.

I suggest that you scan it using the "Scan QR Code" feature built into 1Password for Safari on iOS

This assumes that a Login item already exists for the site. If it does not, then I do not get that Scan QR code option

Copying and pasting Rudy's link into Safari's address bar gave the same error so I am guessing the link is invalid.

I do not have an actual app at this time, I am just trying to understand how to use the feature. As I mentioned earlier, even when I go to your test page at https://fill.dev/form/registration-2fa in Safari, I do not see the 1Password extension kicking in. The otpauth:// link on that page is not clickable and I am unable to copy/paste it either.

@shhh

The otpauth:// link that Rudy posted was just an example. Try copying and pasting the link into Safari's address bar.

Do you have an actual app that is offering you an otpauth:// link that you're trying to use the feature with?

-Dave

. If an iOS app offers you an otpauth:// link and you open it, then iOS will pass the TOTP secret in that otpauth:// link to the authenticator app that you've selected for the feature. If that authenticator app is 1Password then you'll be given the chance to save the secret in 1Password.

1P_Dave Did you see my previous comment? When I tap on the otpauth:// link, I get an error, it does NOT open 1Password, which is what I have selected in iOS Settings > Passwords > Setup verification codes using ....

@shhh

The "Setup Verification Codes Using..." feature is handled by iOS Password AutoFill. If an iOS app offers you an otpauth:// link and you open it, then iOS will pass the TOTP secret in that otpauth:// link to the authenticator app that you've selected for the feature. If that authenticator app is 1Password then you'll be given the chance to save the secret in 1Password.

For example, if you enable two-factor authentication (2FA) for your Twitter account using the Twitter iOS app, you'll see a button in the Twitter app called "Link app". If you tap on that button iOS will open 1Password so that you can save your 2FA one-time password for Twitter in 1Password.

This feature doesn't work with QR codes and if you're being offered a QR code (and not an otpauth:// link) when you enable two-factor authentication for a website then I suggest that you scan it using the "Scan QR Code" feature built into 1Password for Safari on iOS: Get to know 1Password for Safari on your iPhone or iPad

Let me know if you have any questions. 🙂

-Dave

I think the purpose of this iOS platform feature is two-fold: it both allows induction of codes (as rudy describes) and auto-fills codes when needed. Rather, this is how the feature is supposed to work. For example, this article shows how it functions using iCloud Keychain: https://tidbits.com/2021/10/07/add-two-factor-codes-to-password-entries-in-ios-15-ipados-15-and-safari-15/. See this screenshot from the article:

If 1Password fully supports this feature, the benefit is not with websites. As @shhh says, the 1Password browser extension already does a fabulous job with that. The real win would be when logging into apps: iOS would offer the OTP in that strip above the software keyboard, pulled from 1Password. In other words, we wouldn't need to use the "copy OTP to clipboard" feature of 1Password anymore.

I hope the team is working on full support for this feature, because it is in my book the only "less than perfect" aspect of filling passwords in an app. Don't get me wrong: I am grateful for the cleverness of the "copy OTP to clipboard" feature. Filling OTPs with the platform "verification codes" feature, however, would just smooth out the user experience.

Hmm when I tried again I do see that the link is clickable on this page but when I click it in get an error

I'm not sure if you are a 1Password team member and I realize this is beta software but I'm still unclear on what the user experience here should be. What was the intent 1Password had when the app was enhanced to add 1Password as an option on the iOS Settings Password Options? As I mentioned, the desktop experience provided by the Scan QR code feature is superb. I just don't understand how the iOS feature provides that functionality. Are you expecting users to copy paste otpauth URLs manually?!