A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single login session. OTPs are much more secure than static passwords as they are only valid for a short amount of time thus offering protection from replay attacks. Using an OTP means that you no longer have to worry about weak or guessable password composition habits. Also, OTPs greatly help mitigate risk in the case that you are sharing credentials on multiple accounts and systems.
Once you use a third-party authentication application to generate a secret key, you can safely store your new OTP code in MyGlue. The OTP code will be punctuated with spaces in the user interface but the spaces will be removed when pasting the code.
- Users with Read-Only or Lite roles must have access to the password to view and copy the OTP.
- Users with Creator and above roles must have access to the password to view, copy, add, and delete the OTP.
Creating OTPs for new passwords
- In MyGlue, navigate to Organization > Passwords. Click + New > Password.
- Enter your secret key in the One-time Password field from any third-party authentication application that you used to create the OTP. The secret key must be at least 16 characters long.
- Click Save.
- Navigate to Organization > Configuration. In the Embedded Passwords section of the side panel, click Add Password. Complete the fields and click Add to save your new password.
- Navigate back to Organization > Password and click to open the password you created in the last step. In the password show page, click Edit in the top-right corner.
- You can also click the embedded password link in the Configuration side panel to access the password's show page.
- Enter your secret key in the One-time Password field from any third-party authentication application that you used to create the OTP. The secret key must be at least 16 characters long and use Base32 formatting.
- Click Save.
Note: You can only create, view, and edit an OTP for an embedded password in its show page. You will not be able to complete these actions directly in the Configuration side panel of which the embedded password belongs to.
Viewing OTPs for existing passwords
Password list view
Navigate to Organization > Passwords. In the table, a check mark displayed in the OTP column indicates that OTP has been generated for that particular password.
Password view page
Navigate to Organization > Passwords. Open the password view page and click Show OTP to view the six-digit string as well as the remaining time of validity. Use the Copy to clipboard button to copy the OTP.
Note: Currently, the Copy to Clipboard function will only work in the Safari browser if the Show OTP field is expanded.
Launch the search function in MyGlue. Any password with OTP generated for it will display in the preview pane. You can also click Show OTP to view the six-digit string as well as the remaining time of validity directly in the preview pane.
MyGlue Mobile App
In the mobile app, you can view and copy the OTP generated for a password. Click the eye icon to view the six-digit string as well as the remaining time of validity. Click the eye icon again to hide the string and time bar.
MyGlue Chrome Extension
In the Chrome extension, you can view and copy the OTP generated for a password. Click Show OTP to view the six-digit string as well as the remaining time of validity. Use the Copy to Clipboard buttons to copy the OTP without viewing it.
Exports will indicate if a password has had OTP initiated for them.
Editing existing OTPs
Edit password page
Navigate to Organization > Passwords and open the password record. You will not be able to view or edit the secret key. Click the Clear button to remove the secret key if you have a Creator or above role in MyGlue.
Password revision confirmation page
Once you click Save, an orange banner will appear providing a link to the last saved version of the password record. Click the link to action that version.