STRIP's New TOTP Feature Explained

2014-05-22 14:55:56 -0400

It seems that in announcing STRIP's new support for generating time-based one-time passwords (also known as TOTP passwords or TOTP access codes) for use with two-step verification in popular web services like Dropbox and Google accounts we may have confused some of our customers on its utility and use. Two-step verification (also called two-factor authentication and multi-factor authentication) is an additional check performed when you log in to a web service to protect your account should someone else obtain your password. When two-step verification is in use the web service prompts you for an access code to verify that the person using your password is really you. Google has a good explanation of what it is and how it works over here.

There are two main ways that you obtain the six-digit access code to prove your identity to the service:

  1. The service sends you a six-digit access code (the TOTP password) via SMS
  2. You generate the six-digit access code using a key supplied by the service

How does STRIP fit in?

When enabling two-step verification (for example with Dropbox or Google) you are typically prompted to choose either receiving the codes via SMS or generating them yourself. If you choose the latter, you can simply paste the key supplied by the service into STRIP and it will begin generating six-digit access codes you can use to verify your identity. We've got a short screencast that takes you through the process of enabling two-step verification in Dropbox and configuring STRIP to provide the correct access codes:

Enabling Dropbox 2-Factor Authentication with STRIP for OS X from Zetetic on Vimeo.

Once you've saved the key to a TOTP field in STRIP the current access code will always be displayed on the record. The next time you need to supply the code on login to the service, just pop over to STRIP and copy the current code, no need to do anything else with they key.

Two-step verification is not used for logging into STRIP, we didn't mean to suggest that it was. To log into STRIP you only need to provide your master password as before.

If you are having trouble using the feature or any questions at all, please get in touch at

blog comments powered by Disqus