Add id="totp" to TOTP input field for password manager auto-detection#321
Add id="totp" to TOTP input field for password manager auto-detection#321CGHoussem wants to merge 1 commit into
id="totp" to TOTP input field for password manager auto-detection#321Conversation
|
|
autofill=one-time-code This should be the way to go from my understanding. https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes/autocomplete |
I have first tested to set the What worked for me either adding the field I suggest updating the value of the twofactor_totp/js/settingsview.js Line 23 in c14776b If you are okay with the idea, I'll update the PR |
dj4oC
left a comment
There was a problem hiding this comment.
Adds id="totp" to the TOTP challenge input so password managers can target the field for autofill.
Findings
- Security: no findings — purely a DOM id attribute on an existing form field, no new data exposure or behavior change.
- Stability: no findings — single-line, non-breaking template change.
- Performance: no findings.
- Test coverage: n/a for a static template attribute; no existing test asserts on this markup.
- WCAG 2.2: no regression — an
idaddition doesn't change the accessible name; note there's no associated<label for="totp">in this template, so if a future pass wants to improve accessibility further, wiring a label to this id would be the next step, but that's out of scope for this PR.
Verdict
Approved — low-risk, useful UX fix.
🤖 Automated review by Claude Code (security · stability · performance · coverage)
Generated by Claude Code



This change adds an
id="totp"attribute to the TOTP input field on the login page.This helps password managers (such as Bitwarden, 1Password, and others) automatically detect and eventually fill the TOTP code field when using saved logins that include a 2FA token.
Why
Without a clear identifier, most password managers fail to recognize the TOTP input automatically, forcing users to manually copy/paste the 2FA code.
This small change improves usability and accessibility for users who rely on password managers.
Testing