Advanced URL matching?
I am a current user of BitWarden, and I'm interested in 1Password, but there is a big feature of BW that seems to be missing from 1P. I have seen many support threads asking about how to get URLs to match in different strange scenarios. In BW, I can add multiple URIs to each login item, and each URI can have a matching algorithm associated with it. The algorithms are:
- default
- base domain
- host
- starts with
- regular expression
- exact
- never
From what I can see, there are no such options in 1Password. Is this something that the team is looking into? I have attached a screenshot of what this interface looks like in BitWarden.
Here's the BitWarden documentation on this feature: https://help.bitwarden.com/article/uri-match-detection/
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Advanced url matching
Comments
-
Hey, @natemara
I see how that would be useful to have in 1Password, though I'm not sure how many of 1Pass users would actually use it.
I have to say, I'm not a 1Pass team member, but I've read in other threads that changing the URL matching behavior is not currently something the team is focused on (or will be).
It's not they don't see how it could be of value for some of us, but rather the confusion it may cause or just not being useful to the majority of 1Pass users.
I know it's probably not what you wanted to hear... Hopefully, this clarifies your doubts.
0 -
Hey @natemara 👋 Welcome to the forum. @arturoaubry's reply here (thank you for helping out the community :smile:) is pretty spot-on. This isn't something in the cards at the moment, but as the old adage goes, "never say never." Your feedback is appreciated, however; it's great to gauge interest of current or potential 1Password users, so thank you!
0 -
I would be interested in a feature like this too. Am migrating from Bitwarden as other features outweigh the negative of this lacking feature but it would still be good to have!
0 -
Hey @pratnala ,
You can add multiple URLs to a single login item, which would allow 1Password to autofill the credentials in all of these URLs.
However, 1Password does not have the option to give each URL a role or a "special algorithm". If the domain of the website matches the domain that is stored in 1Password, then 1Password will be able to autofill there. Even if there is a subdomain in the URL or if there are prefix/suffix on it.0 -
+1. Trying to use the same password for www.example.com, www.example.ltd and www.example1.company, and more, which changes frequently. A better url matching capability is really needed...
0 -
Hey @aseaday ,
The URLs you provided here as examples are completely different, and no advance matching would help in that case.Simply add all URLs to the same login item in new "website" fields and you will be able to autofill the same set of credentials in all of them.
0 -
Hi @Yaron , the problem is that this website changes its url all the time, for some reasons, but the url do follow a pattern which can be interpreted using a regex formula. Sometimes you visit an old url,
www.example.comthey will redirect you towww.example.ltdand the url matching won't work. You add thewww.example.ltdto url matching today and tomorrow when you visitwww.example.ltdorexample.comthey redirect you towww.example.xyz.0 -
Hey @aseaday ,
That sounds like one crazy website. :)Websites should not change their base domain at any given time on a normal basis. They can add subdomains, they can add paths to their URL, but they should definitely not change their base domain. No password managers out there support it, not even the one that is built in your browser (like Chrome's autofill). It is dangerous as it is senseless.
Imagine that a malicious 3rd party buys a .ltd domain with the same name of one of your most used websites, and tricks you into trying to log into it. 1Password will autofill your credentials there if we implement such a feature, and your credentials would be stolen.
0 -
+1 for that feature
0 -
:+1: :)
0 -
+1
The current URL Matching is not really useful. Especially for subdomains I get all possible passwords displayed with the top domain. Regular ex would be a real enrichment!1 -
Thanks for adding your voice here @cretection ! :+1:
0 -
I'm coming from LastPass and miss host matching. LP's implementation is functional, and it appears that Bitwarden's is powerful, so I expect 1P could manage your usual goldilocks implementation—functional with a better UX.
I believe this would be useful to a lot of 1P users; those of us at universities and large enterprises are used to having many different applications with different logins at
this.example.edu,that.example.edu,www.foo.example.edu, etc. I have login items for at least seven different host/subdomain variations.0 -
Thank you for the additional feedback guys :+1:
0 -
I would really appreciate this feature, it is also useful from a security perspective by only matching on the right URLs
0 -
I would also like to express my interest in this feature.
Having multiple internal web applications, it would be nice if 1Password looked at the FQDN instead of just the domain part.0 -
I’d kill for such a feature (just kidding).
Since I moved to 1Pass (from LastPass), I’m very pleased with how well it works with everything.
But the number one thing I hate about 1Pass is how bad the URL matching is. And there’s nothing I can do about it.
(The second this is how poorly SSOs are handled, when I must use the same password, but the login name changes depending on the site. I have to use multiple items for the same password, get superfluous “duplicate password” warnings, and also have to go and manually update the password in each item every time I change my password)0 -
Hey @yaronhay ,
Thanks for chiming in.Regarding that second issue you described, you can try building a custom login item that will work on all websites:
- Leave the username of that login item empty, only fill in the password field.
- Under the password, add all websites URL where you want this login item to autofill in.
- Under the website URL there's place for custom fields. If you right-click a username field on one of your websites and select "Inspect", the browser should show you the HTML code of the field. Copy the Name or ID of the username field and paste it into the empty "Label" in the login item, then type in your username for that website in the field that belongs to the Label. You can add as many custom fields as you want so theoretically this should work if you get all the HTML names/IDs of the username field from your websites and add them to that login item as a custom field.
0 -
Unfortunately, no.
Microsoft's login page is a problematic one and we did a lot of work behind the scenes to get it autofilling correctly but it must utilize the main "Username" field of the login item in order to work. :angry:0 -
Hey @ag_yaron
OK, thank you very much for your reply. So I’m kind-of left to choose what I prefer: either having my username auto fill or have no duplicate password. That’s a bummer.Would you (the 1Password Team) consider adding a feature allowing us to specify the correct username for each domain name / url match ?
It seems to me, as something pretty straightforward to implement (although, I don’t really know the actual design of the system), without much of a change: Say you’ve found a URL matching for item x for URL y, then instead of using the username specified in item x, use the custom username stored alongside y, and continue as usual.
I’m sure this might solve many of the problems users encounter when using 1Password for SSO logins.0 -
Hey @yaronhay ,
Thanks for the additional suggestion.The (already) open feature request for advanced URL matching contains a lot of specific options and users suggestions regarding what they need for specific use cases, so I'm not sure what we'll end up with eventually but it will probably be a much more comprehensive advanced URL matching with custom rules etc.
In the meantime, in your specific edge case, I'd recommend using drag and drop instead of autofilling at the moment when you get to a problematic website's login page. Simply click the 1Password extension icon on the top right corner of your browser to open it, select the login item and drag the relevant username with your mouse to the field on the website. Repeat this for the password as well and drag it with your mouse from 1Password into the website's field.
I hope that'll help you for now to work with a single login item in a somewhat convenient manner :)
0 -
:) :+1:
0 -
+1 for this feature to be added to 1password. I'm coming from Bitwarden and this missing feature is making me doubt my switching decision.
Is there an update on this feature?
0
