One time password showing "invalid secret key"

There are two ways to enter a one time password secret key into any authenticator app. Unfortunately the current version of Minimalist only understands one of them. This was an oversight on our part and will be corrected in the next update. Luckily there is a fairly easy work around.

Why is this happening and how to correct it?

There are two ways to enter a one time password secret key into any authenticator app:

  1. Entering the secret key directly, usually via copy/paste:
    • I65VU7K5ZQL7WB4E
  1. Scanning a QR code which generally results in a URL:
    • otpauth://totp/totp@authenticationtest.com?secret=I65VU7K5ZQL7WB4E&issuer=AuthTest

When originally adding one time password support to Minimalist, we deferred handling of URLs because we hadn’t added a QR code scanner yet. However we didn’t consider that people would be importing from other apps which had already scanned a QR code.

This was an oversight on our part. Luckily there is an easy work around. Simply modify the URLs to remove all the but the actual secret key:

  • otpauth://totp/totp@authenticationtest.com?secret=I65VU7K5ZQL7WB4E&issuer=AuthTest

becomes

  • I65VU7K5ZQL7WB4E

Easy peasy!

Will I always have to do this?

No. The next version of Minimalist will properly handle both URLs and secret keys directly. After that we'll start work on the QR code scanner! Learn more about upcoming features on our Road Map.

Frequently Asked Questions

Questions? Suggestions? Feedback?

We're on a mission to make Minimalist the best password manager for iPhone, iPad, and Mac. We'd love to hear from you!

Start Loving Your Password Manager Again

Try Minimalist for free with a 10 password limit. No credit card or subscription required. Never expires.