Advanced URL matching?

natemara
natemara
Community Member
edited June 2019 in 1Password in the Browser

I am a current user of BitWarden, and I'm interested in 1Password, but there is a big feature of BW that seems to be missing from 1P. I have seen many support threads asking about how to get URLs to match in different strange scenarios. In BW, I can add multiple URIs to each login item, and each URI can have a matching algorithm associated with it. The algorithms are:

  • default
  • base domain
  • host
  • starts with
  • regular expression
  • exact
  • never

From what I can see, there are no such options in 1Password. Is this something that the team is looking into? I have attached a screenshot of what this interface looks like in BitWarden.

Here's the BitWarden documentation on this feature: https://help.bitwarden.com/article/uri-match-detection/


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Advanced url matching

«1345

Comments

  • arturoaubry
    arturoaubry
    Community Member

    Hey, @natemara

    I see how that would be useful to have in 1Password, though I'm not sure how many of 1Pass users would actually use it.

    I have to say, I'm not a 1Pass team member, but I've read in other threads that changing the URL matching behavior is not currently something the team is focused on (or will be).

    It's not they don't see how it could be of value for some of us, but rather the confusion it may cause or just not being useful to the majority of 1Pass users.

    I know it's probably not what you wanted to hear... Hopefully, this clarifies your doubts.

  • Hey @natemara 👋 Welcome to the forum. @arturoaubry's reply here (thank you for helping out the community :smile:) is pretty spot-on. This isn't something in the cards at the moment, but as the old adage goes, "never say never." Your feedback is appreciated, however; it's great to gauge interest of current or potential 1Password users, so thank you!

  • pratnala
    pratnala
    Community Member

    I would be interested in a feature like this too. Am migrating from Bitwarden as other features outweigh the negative of this lacking feature but it would still be good to have!

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @pratnala ,
    You can add multiple URLs to a single login item, which would allow 1Password to autofill the credentials in all of these URLs.
    However, 1Password does not have the option to give each URL a role or a "special algorithm". If the domain of the website matches the domain that is stored in 1Password, then 1Password will be able to autofill there. Even if there is a subdomain in the URL or if there are prefix/suffix on it.

  • aseaday
    aseaday
    Community Member

    +1. Trying to use the same password for www.example.com, www.example.ltd and www.example1.company, and more, which changes frequently. A better url matching capability is really needed...

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @aseaday ,
    The URLs you provided here as examples are completely different, and no advance matching would help in that case.

    Simply add all URLs to the same login item in new "website" fields and you will be able to autofill the same set of credentials in all of them.

  • aseaday
    aseaday
    Community Member

    Hi @Yaron , the problem is that this website changes its url all the time, for some reasons, but the url do follow a pattern which can be interpreted using a regex formula. Sometimes you visit an old url, www.example.com they will redirect you to www.example.ltd and the url matching won't work. You add the www.example.ltd to url matching today and tomorrow when you visit www.example.ltd or example.com they redirect you to www.example.xyz.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @aseaday ,
    That sounds like one crazy website. :)

    Websites should not change their base domain at any given time on a normal basis. They can add subdomains, they can add paths to their URL, but they should definitely not change their base domain. No password managers out there support it, not even the one that is built in your browser (like Chrome's autofill). It is dangerous as it is senseless.

    Imagine that a malicious 3rd party buys a .ltd domain with the same name of one of your most used websites, and tricks you into trying to log into it. 1Password will autofill your credentials there if we implement such a feature, and your credentials would be stolen.

  • pratnala
    pratnala
    Community Member

    @Yaron is there anything on 1Password's roadmap to have Bitwarden style URL matching options?

  • ag_ana
    ag_ana
    1Password Alumni

    Not yet @pratnala, but this is something our developers are aware of :+1:

  • discofris
    discofris
    Community Member

    +1 for that feature

  • ag_ana
    ag_ana
    1Password Alumni

    :+1: :)

  • cretection
    cretection
    Community Member

    +1
    The current URL Matching is not really useful. Especially for subdomains I get all possible passwords displayed with the top domain. Regular ex would be a real enrichment!

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for adding your voice here @cretection ! :+1:

  • P1h3r1e3d13
    P1h3r1e3d13
    Community Member

    I'm coming from LastPass and miss host matching. LP's implementation is functional, and it appears that Bitwarden's is powerful, so I expect 1P could manage your usual goldilocks implementation—functional with a better UX.

    I believe this would be useful to a lot of 1P users; those of us at universities and large enterprises are used to having many different applications with different logins at this.example.edu, that.example.edu, www.foo.example.edu, etc. I have login items for at least seven different host/subdomain variations.

  • vealpool
    vealpool
    Community Member

    Thanks @natemara for the Feature Request.
    I asked for something like this in the past here.

    Sticky Password has something like that included and i gladly used it.
    Miss it in 1Password.

    Would be awesome if we get this feature. ;)

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thank you for the additional feedback guys :+1:

  • rbeumer
    rbeumer
    Community Member

    I would really appreciate this feature, it is also useful from a security perspective by only matching on the right URLs

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you @rbeumer, I have let our developers know about your feedback :+1:

  • Bobtb
    Bobtb
    Community Member

    I would also like to express my interest in this feature.
    Having multiple internal web applications, it would be nice if 1Password looked at the FQDN instead of just the domain part.

  • ag_ana
    ag_ana
    1Password Alumni
    edited August 2021

    Thank you @Bobtb, noted :+1:

    ref: dev/projects/customer-feature-requests#31

  • yaronhay
    yaronhay
    Community Member

    I’d kill for such a feature (just kidding).
    Since I moved to 1Pass (from LastPass), I’m very pleased with how well it works with everything.
    But the number one thing I hate about 1Pass is how bad the URL matching is. And there’s nothing I can do about it.
    (The second this is how poorly SSOs are handled, when I must use the same password, but the login name changes depending on the site. I have to use multiple items for the same password, get superfluous “duplicate password” warnings, and also have to go and manually update the password in each item every time I change my password)

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @yaronhay ,
    Thanks for chiming in.

    Regarding that second issue you described, you can try building a custom login item that will work on all websites:

    • Leave the username of that login item empty, only fill in the password field.
    • Under the password, add all websites URL where you want this login item to autofill in.
    • Under the website URL there's place for custom fields. If you right-click a username field on one of your websites and select "Inspect", the browser should show you the HTML code of the field. Copy the Name or ID of the username field and paste it into the empty "Label" in the login item, then type in your username for that website in the field that belongs to the Label. You can add as many custom fields as you want so theoretically this should work if you get all the HTML names/IDs of the username field from your websites and add them to that login item as a custom field.
  • yaronhay
    yaronhay
    Community Member

    Hey @ag_yaron
    Thanks for the tip!
    However, I can’t get it to auto fill the username on login.microsoftonline.com with the html id (i0116) or name (loginfmt) while leaving the username field empty. Might you have a solution for that?

  • ag_yaron
    ag_yaron
    1Password Alumni

    Unfortunately, no.
    Microsoft's login page is a problematic one and we did a lot of work behind the scenes to get it autofilling correctly but it must utilize the main "Username" field of the login item in order to work. :angry:

  • yaronhay
    yaronhay
    Community Member

    Hey @ag_yaron
    OK, thank you very much for your reply. So I’m kind-of left to choose what I prefer: either having my username auto fill or have no duplicate password. That’s a bummer.

    Would you (the 1Password Team) consider adding a feature allowing us to specify the correct username for each domain name / url match ?
    It seems to me, as something pretty straightforward to implement (although, I don’t really know the actual design of the system), without much of a change: Say you’ve found a URL matching for item x for URL y, then instead of using the username specified in item x, use the custom username stored alongside y, and continue as usual.
    I’m sure this might solve many of the problems users encounter when using 1Password for SSO logins.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @yaronhay ,
    Thanks for the additional suggestion.

    The (already) open feature request for advanced URL matching contains a lot of specific options and users suggestions regarding what they need for specific use cases, so I'm not sure what we'll end up with eventually but it will probably be a much more comprehensive advanced URL matching with custom rules etc.

    In the meantime, in your specific edge case, I'd recommend using drag and drop instead of autofilling at the moment when you get to a problematic website's login page. Simply click the 1Password extension icon on the top right corner of your browser to open it, select the login item and drag the relevant username with your mouse to the field on the website. Repeat this for the password as well and drag it with your mouse from 1Password into the website's field.

    I hope that'll help you for now to work with a single login item in a somewhat convenient manner :)

  • pratnala
    pratnala
    Community Member

    @ag_yaron - If you could just give us what Bitwarden has to start, that itself would be great!

  • ag_yaron
    ag_yaron
    1Password Alumni

    :) :+1:

  • motionless
    motionless
    Community Member
    edited December 2021

    +1 for this feature to be added to 1password. I'm coming from Bitwarden and this missing feature is making me doubt my switching decision.

    Is there an update on this feature?