Are website prefixes https:// or www. necessary?

markaceto
markaceto
Community Member
in Mac

Importing passwords from Safari results in redundant websites.

For example:
1. amazon.com
2. https://amazon.com
3. www.amazon.com

Deleting #2 and #3 don't seem to be problem, but I just want to make sure before I do something I'll regret later.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • MrC
    MrC
    Volunteer Moderator

    @markaceto ,

    I believe 1Password defaults to the https protocol for sites that do not have the scheme present. So your 1 and 2 are identical when clicking Open and Fill.

    3 is technically not the same as 1. It is a convention that most site masters honor, but (1) could route to a different address than (3).

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @markaceto,

    If you're going through the website fields to clean them up then where possible I would recommend setting the field to the URL for the sign-in page. If it's a dedicated sign-in page, which Amazon has for example then you can use open-and-fill.

    To highlight the differences between 2 & 3, if you had two Login items, one for each you would find the keyboard shortcut ⌘\ would automatically select the www.amazon.com one. The reason is 1Password prefers a FQDN (Fully Qualified Domain Name) match over a match to only the registered domain name and Amazon's sign-in page is on www.amazon.com and not amazon.com. Both can fill the page but 1Password would favour one over the other and not prompt you to select one.

    If you have any questions about any of this please let us know.

  • markaceto
    markaceto
    Community Member
    edited February 2019

    @littlebobbytables ,

    Thank you! Is there a knowledge base article outlining this somewhere?

    Does 1P prefer https:// prefixes? Or does it treat them the same as www. ?

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @markaceto,

    I suspect there isn't an article covering this. I'm not aware of one although that certainly doesn't eliminate the possibility of it existing. At a guess part of our assumption will be that most Login items will be saved from inside the browser with the assistance of the extension. In those cases it should be correctly capturing the protocol and any subdomain as well as the path if that is needed for a dedicated sign-in page. I'm pretty sure some of my own Login items though predate my first usage of the extension as I was a big Opera fan back with 1Password 3 for Mac and prior to the switch to the Chromium codebase there was no 1Password extension for Opera. That's going back a while now :lol:

    If the protocol isn't present 1Password will assume and use https but if a site is still using an insecure connection the extension will record that when you save a Login item in the browser. Still, I like to make sure the URLs contain everything just for me but you could remove the https:// from the entries and everything would still work. If I'm manually altering a website field I tend to be copy and pasting from the browser address bar so it handles all of that for you.

This discussion has been closed.