Digital Self-Defense Knowledge Base

    Using 1Password to Manage One‑Time Passwords (TOTP)

    A One‑Time Password (OTP), more specifically a Time‑basedOne‑Time Password (TOTP), is a temporary 6‑digit code thatchanges every 30 seconds.
    It is used as a second factor of authentication in addition to a username and password.

    Many users are familiar with Google Authenticator, which is a standalone app that stores TOTP secrets only on a singledevice unless manually migrated. If that device is lost or reset without a backup, all TOTP keys can be permanently lost, potentially locking users out of accounts.

    1Password provides a better solution by storing TOTP secrets directly inside the related Login item:

    • TOTP codes sync securely across multiple devices

    • TOTP secrets are backed up as part of the1Password vault

    • TOTP codes are (frequently) automatically filled with the password

    • Access is protected by the same strong encryption as passwords

    • Ideal for teams using 1Password Business

    In most cases, TOTP is added after a Login item already exists.

    Best Practices and Notes

    • Avoid using standalone authenticator apps when 1Password is available

    • Ensure users are signed into 1Password on at least two devices

    • Do not delete Google Authenticator entries until 1Password TOTP is verified

    1. 1

      Prerequisites and One‑Time Setup: macOS

      Before adding a One‑Time Password, 1Password may require permissiont o view your screen so it can detect QR codes.

      macOS – Screen Recording Permission

      1Password may prompt for Screen Recording access when attempting to detect a QR code.

      Steps:

      1. Open System Settings

      2. Go to Privacy & Security

      3. Select Screen Recording

      4. Enable the toggle for 1Password

      5. Quit and reopen 1Password if prompted

      This permission is only used to detect QR codes and does not record or store screen content.

    2. 2

      Prerequisites and One‑Time Setup: Windows

      Windows – Screen Capture Permission

      On Windows, 1Password may request permission to capture the screen to detect QR codes.

      Steps:

      1. When prompted, select Allow for screen access

      2. If detection does not work, ensure 1Password is up to date

      3. Restart 1Password after granting permission

    3. 3

      Adding a One‑Time Password Using a Phone (Scanning a QR Code)

      Use this method when the QR code is displayed on your computer screen and 1Password is installed on your phone.

      Step 1 – Open the Login Item in 1Password(Phone)

      Open the 1Password mobile app on your phone (iOS orAndroid).
      Locate and open the existing Login item for the website or service.

      Step 2 – Edit the Login Item

      Tap Edit in the upper‑right corner of the Login item.

      Step 3 – Add a One‑Time Password Field

      Tap Add More or Add New Field.
      Select One‑Time Password.

      Step 4 – Scan the QR Code

      When prompted, allow camera access if requested.
      Use your phone to scan the QR code displayed on yourc omputer screen.

      1Password will automatically save the TOTP secret to the Login item.

      Step 5 – Save and Verify

      Tap Save.
      Confirm that a 6‑digit code appears and refreshes every 30 seconds.

      The One‑Time Password is now linked to the Login item and will (frequently) autofill when signing in.

    4. 4

      Adding a One‑Time Password Using 1Password on macOS or Windows

      Use this method when working directly on your computer.

      Step 1 – Open the Login Item

      Open the 1Password desktop app.
      Locate and open the existing Login item for thesite.

      Step 2 – Edit the Login Item

      Click Edit.

      Step 3 – Add a One‑Time Password

      Click Add More (or + AddField).
      Select One‑Time Password.

      Step 4 – Allow QR Code Detection

      If a QR code is visible on your screen, 1Password will attempt to detect it automatically.

      If prompted:

      • Approve Screen Recording / Screen Capture permissions

      • Retry detection after restarting 1Password if necessary

      Step 5 – If QR Code Is Not Detected

      If 1Password does not detect the QR code automatically:

      1. Click something like Enter Setup Key Manually or Cannot scan QR Code

      2. Copy the setup key / secret from the website

        • This may be labeled “Manual Entry,” “Setup Key,” or “Secret Key”

      3. Paste the key into 1Password

      4. Confirm the time‑based code appears

      Step 6 – Save and Verify

      Click Save.
      Ensure the One‑Time Password generates a rotating 6‑digit code.

      The Login item will now autofill:

      • Username

      • Password

      • One‑Time Password