1Password for iOS Updated With Auto Copy Feature to Make One-Time Passwords Easier to Use

Discussion in 'iOS Blog Discussion' started by MacRumors, Jul 17, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    AgileBits today updated 1Password for iOS, introducing a new auto copy feature that's going to make it a lot easier to use two-step authentication for various apps and services.

    Whenever you use 1Password to sign into a service on your iPhone that features 1Password integration, the app will now automatically copy any one-time passwords you have associated with that login. That speeds up the login process, because you can have 1Password fill in your account details, and then at the two-factor verification step, the requisite short-term password is already copied to your clipboard.

    [​IMG]

    In the screenshot above, for example, I used 1Password to log in to my Dropbox app. Dropbox has 1Password integration, so I just need to tap the 1Password button to fill in my account details and then choose the appropriate account. As 1Password is adding my details, my one-time password for Dropbox's two-step verification process is also copied, so it's super simple to log in.

    Prior to this change, to log in to Dropbox, I'd have to open the 1Password app separately to get the one-time password, negating the usefulness of the integrated login feature.

    The update also features the ability to create vaults for 1Password.com accounts, support for Korean, and a tweak that causes item creation and modification dates to now appear in item details. There are also several minor bug fixes and other small improvements, like better translations and the addition of previously used passwords for all categories that support them.
    1Password for Mac has also been updated with the same features that were added to iOS, but the update has not yet been made available for the Mac App Store. It should be coming soon.

    1Password can be downloaded from the App Store for free, but will require a subscription to unlock the app's full feature set. [Direct Link]

    Article Link: 1Password for iOS Updated With Auto Copy Feature to Make One-Time Passwords Easier to Use
     
  2. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #2
    Just tried it, and it worked as noted above. Very nice feature. Would be nice if it could also work from Safari web as well.
     
  3. CarlJ macrumors 68000

    CarlJ

    Joined:
    Feb 23, 2004
    Location:
    San Diego, CA, USA
    #3
    I love 1Password, but they're going to have to work very hard to get me to give up Authy for one-time passwords. I'll have to take a look at this.
     
  4. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #4
    It is very easy to set up one-time passwords in 1password. I ditched Authy and haven't regretted it.
     
  5. farewelwilliams macrumors 65816

    Joined:
    Jun 18, 2014
    #5
    i gave up on authy. so much better to go with 1password. no need to fiddle with two separate apps.
     
  6. hansenc macrumors 6502

    hansenc

    Joined:
    Jun 16, 2004
    #6
    you can setup both apps if you want... I'm starting to migrate everything into 1Password.
     
  7. jclo Editor

    jclo

    Staff Member

    Joined:
    Dec 7, 2012
    Location:
    California
    #7
    I actually like it better than Authy just because it's simpler having everything in one place, but I am lazy and haven't transferred everything over because it is a hassle to change two-step verification apps.
     
  8. mpavilion macrumors 6502a

    Joined:
    Aug 4, 2014
    Location:
    SFV, CA, USA
    #8
    I use pwSafe.... its iCloud integration (both for backup/restore and sync btw. devices) is flawless. I am missing out on anything?
     
  9. Fiestaman macrumors regular

    Joined:
    Feb 7, 2009
    #9
    I nuked Authy once they had their system easily circumvented in 2015. Lost all faith at that point. Switched to 1Password and never looked back. QR code scanning and everything in one place is super useful.
    I've been using this new OTP to clipboard feature for the last two or three months on beta and it's probably the most welcome feature addition in a long time. There's no excuse not to use 2FA now.
     
  10. lsutigerfan1976 macrumors 68000

    Joined:
    Sep 14, 2012
    #10
    This is great but I think iOS 11 offers this anyhow. I noticed testing iOS 11 out that it pretty much fills in my username and password info on safari for me. And in apps, I just hit the icon and it does the rest for me.
     
  11. BenKingNTU macrumors newbie

    BenKingNTU

    Joined:
    Jan 24, 2017
    Location:
    Nottingham / Ocean
    #11
    Only works with Keychain though, so if you use Google Chrome on your Mac they're not going to sync, you'll have to use something like 1Password.
     
  12. chfilm macrumors 65816

    chfilm

    Joined:
    Nov 15, 2012
    Location:
    Germany
    #12
    I don't get it- how can I put a "one time password" into one password? What is that even- a one time password? Is this the kind of code that I get sent via text in a two factor auth app? Saving this would defy the purpose, wouldn't if? Can someone please explain this?
     
  13. BenKingNTU macrumors newbie

    BenKingNTU

    Joined:
    Jan 24, 2017
    Location:
    Nottingham / Ocean
    #13
    1Password generates the code. Same as one you'd receive over text, yes.
     
  14. mthomas184 macrumors 6502

    mthomas184

    Joined:
    Aug 11, 2016
    Location:
    Pittsburgh
    #14
    A One-Time password is the same thing as receiving the 6 digit code via Text. The difference is it is constantly generates a new 6 digit code every 30 seconds rather than you having to wait for the text to come through.
     
  15. johnmacward macrumors regular

    johnmacward

    Joined:
    Jul 12, 2011
    #15
    I never really got 1Password. I find it a little clunky and poorly designed in some regards (namely modifying existing passwords, adding extra sections, UI bugs a plenty) and because of that I'm so glad that Safari can now fill passwords in other apps - Safari syncs passwords around my iOS devices much better than 1Password. I have 1Password installed on my iPhone and iPad however it costs a bomb for the Mac (€69.99).
     
  16. mthomas184 macrumors 6502

    mthomas184

    Joined:
    Aug 11, 2016
    Location:
    Pittsburgh
    #16
    That's odd. I've never had an issue with 1Password. It has always worked flawlessly for me.

    I will admit, it is expensive, but I think its worth every penny. Keychain has failed me on quite a few occasions.
     
  17. lsutigerfan1976 macrumors 68000

    Joined:
    Sep 14, 2012
    #17
    Oh ok. I see what you mean. Yeah I strictly use safari really.
     
  18. Crazy Badger macrumors 65816

    Crazy Badger

    Joined:
    Apr 1, 2008
    Location:
    Scotland
    #18
    This is a fantastic feature, and saves loads of time with a growing number of 2FA accounts I've got. It's a shame I can't add Apple 2FA to this list, as having to wait for codes on a device or via SMS is a poor replacement.
     
  19. CarlJ, Jul 18, 2017
    Last edited: Jul 18, 2017

    CarlJ macrumors 68000

    CarlJ

    Joined:
    Feb 23, 2004
    Location:
    San Diego, CA, USA
    #19
    To be clear, although the user uses it in a similar manner (enter username/password, get challenged for a code, get the code, type it in), the mechanism is both different, and more secure. And the code generated for 2FA (two factor authentication) is not the same code you would have been sent via text or email.

    With systems that send you a code, they generate a random number and both send the number to you (via text or email), and store it on their system for a limited time (could be 5/30/60 minutes, perhaps even a day, all depending on how they balance security/paranoia vs customer convenience). If you type in that code before they expire it off their system, you're in. And it doesn't really matter what number they choose, as long as a) it isn't easily predictable, and b) matches between what they generated and what you typed in.

    The problem is, if someone can intercept your email or text messages, then they can get that code too. This is easy enough with email if someone can get/guess your password, but it can happen with phones too: Say a bad guy calls up your carrier, pretends to be you, says they(you) are on vacation and somebody stole your wallet and phone and you just got a replacement phone, and darn it, just can't remember the code (or weird answer to a security question) right now, as that information is at home and you're on vacation and you really need the phone to work right now so you don't miss your flight/cruise/reservation/whatever. Social engineering 101. If they're skilled and emotional enough, and the customer rep wants to be helpful (and isn't vigilant enough), your carrier may end up changing the MEID/IMEI associated with your phone number, in your account, to the MEID/IMEI that the bad guy gives them for a phone he has (your "new phone"). Now the bad guy gets your text messages. And can use them to receive the needed security code for logging in to your account. And this is a thing that has actually happened. More than once.

    With 2FA systems, both the website/company, and the individual (and their phone or special security device) know a shared secret. Often a very large number or a non-trivial passphrase. And every minute (actually, they generally skip doing the work unless you ask) they take the current time, as a number, and encrypt it using that shared secret as a key, and then do someting to shorten in to a small number (say, 6-8 digits), either by using only the last/lowest 6-8 digits, or taking a checksum of the encrypted value. Given today's accurate, synchronized clocks (your phone can easily be within a second of the real time as can the website), now you've got a code number that can be matched between the two ends to verify that you both know the same original shared secret. And the code number changes every minute, in a way that is completely and utterly unpredictable without the shared secret. It doesn't matter (to the security of this test) if anyone can read your email or text messages, because the website/company isn't sending you anything right now - your shared secret was chosen long ago. (And even if someone gets the code number right now, say by looking over your shoulder, in less than a minute that particular code number will be useless.)

    So, both systems end up with a 4-8 digit number for you to put in after your password, but the mechanism behind the scenes is quite different, as is the resulting level of security. The code-sent-via-text method is better than only having a password, but it can still be subverted by a determined attacker. The shared-secret method is much harder to break (they need to find a flaw in the 2FA implementation, or hack into the website or your phone to obtain the shared secret - which, hopefully, isn't sitting around in plaintext on either end).

    And it seems that 1Password (which I've happily used for many years) can now handle the real-time generation of these one-time codes (indeed, it seems it's been able to do so for quite some time - I hadn't been paying attention - and now makes it more convenient). As a number of kind forum members have pointed out in response to my previous post (Thank you, @BasicGreatGuy, @farewelwilliams, @jclo, and @Fiestaman!). Clearly I need to look into this.

    Footnote for those suggesting Safari & Keychain, vs. 1Password: Keychain, for storing website passwords, is good, as far as it goes, but it's mostly limited to Safari. Not as helpful with other browsers. And I also use 1Password for storing a variety of information I may need to access but want locked away (e.g. my wife's SSN). Keychain isn't very helpful in this regard - you can make notes in Keychain Access on the Mac, but they not well-organized, and there's no equivalent iOS app. 1Password is great for this kind of stuff (and it's cross-platform as well).
     
  20. Crazy Badger macrumors 65816

    Crazy Badger

    Joined:
    Apr 1, 2008
    Location:
    Scotland
    #20
    2FA has been in 1Password for some time. What they've just added is copying it to the clipboard after using 1Password to enter the username and password, so you simply paste in the 2FA code rather than having to go and find it and copy/paste manually. A small thing, but incredibly useful!
     
  21. chfilm macrumors 65816

    chfilm

    Joined:
    Nov 15, 2012
    Location:
    Germany
    #21
    sounds awesome - I'll have to read into the manual in order to understand how that works.
     

Share This Page