1

Adding 2FA Auto-completion for PW Managers

  • Live

Avatar
Ken Verhaegen

When filling in with a password manager (eg. LastPass, 1Password) - the 2FA input field doesn't take auto-filled data.

A possible fix for this would be to add an attribute so the password manager knows where to fill in this code.

autocomplete="one-time-code"


A

Activity Newest / Oldest

Avatar

Dennis

Status changed to: Live

Avatar

Dennis

Status changed to: In progress

Avatar

Dennis

Status changed to: Under review

Avatar

Dennis

I'm not up to speed with this. Are you using 2FA with 1password? Is that a thing? Let me know!


Avatar

Ken Verhaegen

Hi!
Yes, both LastPass & 1Password are able to take OTP secrets and mitigate the use of Google Authenticator or Authy. Both have browser integration and look for this autocomplete attribute to fill in the code.
Authy also has browser integration.
In a mobile web browser this can take a recently received SMS-code, or again: open the Authy/1PW/.. app.
I'm not well known with Apple's integration (SMS Code, fingerprint) but it should use this same method afaik.

The spec regarding autocompletion:
html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofilling-form-controls:-the-autocomplete-attribute

For the login form, you can also prepare for this:
autocomplete="username"
autocomplete="current-password"
(username = email in Ploi's case)

For the register form:
autocomplete="name"
autocomplete="username"
autocomplete="new-password" (both password & password_confirmation fields)

For the password forget form:
request => username
reset => new-password, twice again

Resetting the password via settings:
autocomplete="new-password"
(to prevent auto-filling the current one)


Avatar

Dennis

Can you test the 2FA & login for me? We've made some changes.


  • Avatar
Avatar

Ken Verhaegen

1Password autofill now works! 🎉 (2FA)

LastPass seems to fail seeing that it's something it can fill in. But that's LP's problem, ofc.


Avatar

Ken Verhaegen

You do seem to have used "email" instead of "username" at login.
In web browser this works,
Mobile however, this doesn't seem to work (screenshots)


Avatar

Ken Verhaegen

Woop. 🎉


Avatar

Dennis

Ah ok! So this is now working properly?


Avatar

Ken Verhaegen

It's a bit finicky on the mobile side. (probably because you used `autocomplete="email"` still)
On desktop **It just works™**

But to me, the 2FA field was most apparent & is now working perfectly with 1password ♥


  • Avatar
Avatar

Dennis

The autocomplete="email" field should be "username"? This won't conflict?