Advanced URL matching?
Comments
-
No updates as of yet.
0 -
+1, I'm also highly interested in this feature!
I have multiple logins (i.e., more than ten) for one specific domain, say
example.com.
1P works like a charm when the logins belong to different subdomains likefirst-login.example.comandsecond-login.example.com
In that scenario, 1P shows all matching logins that match that domain but reorders the logins in such a way that the matched subdomain is on top - I like that 👍.
But in my scenario, the website does not only have different subdomains but also different paths for it's various login sites, for example:
first-login.example.comexample.com/second-login/example.com/second-login/third-login.php
I added the full URLs (and only them) to the 1P items but 1P is not reordering the logins properly as it does when only subdomains are used...
So I have to scroll through all of those items which makes it kinda hard to find the correct login.0 -
Thank you for chiming in on this as well @winklerrr, and for the examples :+1:
0 -
Chiming in here with a +1 for this feature:
My particular use case is one I expect to expand with the user base over time. As I've recently migrated to cloud-based development, I am often going to various URLs that do conform to what would amount to a RegEx pattern but change every time I use a new environment. I use several of them a day but the credentials to log in to the application I'm developing are always the same. It would be a huge time saver to be able to use RegEx matching for a URL pattern.
0 -
Hello @blairscott,
Thank you for your vote. I added you to the list, which will put more weight into the request.
0 -
Kinda wild that 1Password would push back on this—it would be a very, very useful feature in so many scenarios. What are the possible downsides? Are there security implications? Or… what?
0 -
Please add support for this, for us power users even a simple regex:// would suffice and not trip up anyone else. It should be fairly simple to add without modifying behavior for anyone but those that need/want to use it.
Either that, or per-website custom fields. I have multiple different company domain sites that all have the same main domain name but uses subdomains to separate services, and they require different variations of usernames and in some cases passwords.
0 -
Hey @rafegoldberg, one of our extension developers shared the reason for the current limitations for this here.
We appreciate your feedback, @lassevk. I'll add your comment here to our feature request for this. Let us know if you have any other questions!
0 -
Please add my vote to this request.
I have multiple different credentials that are all on the same domain name just with login different paths.
It is very annoying having to look through the list of irrelevant credentials on each different login page just because they share the same host/domain.Also, kind of in scope, I need to be able to specify that some of the credentials are HTTP Authentication just to access the login page.
At the moment I deal with it like this: (assuming my web app was called FringeScenarios.)
1. Open 1Password extension
2. Find the "FringeScenarios (HTTP Authentication)" credentials
3. Press "Open & Fill"
4. 1Password successfully authenticates through the HTTP security and I reach the login page
5. Login form is incorrectly populated with the HTTP auth credentials
6. Open 1Password extension
7. Scroll through many irrelevant credentials which share the same Domain Host
8. Find the "FringeScenarios" credentials
9. Press "Fill"0 -
The explanation given is over 5 years old. That the team hasn't made it a priority to figure out a way to make this request, which happens basically weekly and has been ongoing for 10 years, work properly is really inexcusable so a 5-year old explanation just does not cut it. :/ I know my workplace, which operates several sub-domains with different credentials because of decentralization (it's a university), will never switch from Lastpass as the password solution it offers all affliliates for free as long as this is an issue.
Like, I look at your Future of 1Password page where you're talking about making 1P a single sign-on solution that can remember the actual way you log into websites whether it be a password, sign in with Apple, get sent a stupid magic link, all kinds of ridiculous fancy stuff for backend admin for teams, but this is a bridge too far???
0 -
Hi @andmade I'm really sorry for the inconvenience. I've left additional feedback about this to my team and to our developers. You're right that we do get a lot of requests for advanced URL matching, and I do agree that having it would be truly beneficial.
Although I can't make any promises, I do hope that there will be a good solution for this in the future. It is something that we here in Support will continue to advocate for on your behalf.
Please let us know if you have any other questions.
0 -
+1 - would love some sort of advanced URL pattern/wildcard matching.
NB - Just to counter all the negative comments "every other password manager does this better" - I came from LastPass and I most definitely prefer the URL matching on 1Password. I love the fact I can put multiple URLs against a single login very easily so I don't have to go through LastPass's clunky interface for "equivalent domains" (that, the concept of vaults and the user interface won me over almost instantly). LastPass does have some ability to tailor the equivalent domain matching which isn't present in 1Password, so I miss that occasionally, but overall 1Password is much better for me. Just a lil spot of wildcard matching would make my day-to-day developer life that little bit easier though so that's my +1
0 -
This limitation is a big turn-off for me. I'm also a Bitwarden user and I'm trying 1Password as a possible replacement for my whole family, but this feature is a must-have for me.
I have many subdomain apps using different credentials:- aaa.domain.com
- bbb.domain.com
- ccc.domain.com
With the default domain match algorithm, I get the suggestion of the credentials from bbb and ccc when I'm on aaa.
On Bitwarden it's very easy to fix this, by changing the matching algorithm to validate the whole host and not only the main domain, per URL.
This allows me to have just the right authentication suggestions on each subdomain address.I don't think I'm willing to lose this feature, and given this request is still open since 2019, I might need to reconsider my Bitwarden to 1Password transition.
0 -
Please add option to items/credentials to restrict autofill/suggestion to only appear when subdomains also match. Presented as an extra option will not impact the experience of customers who don't know or care for this functionality but will enhance experience of others.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided0 -
It appears my comment was moved and now I see some other comments worth engaging with, so excuse the double post.
@Joy_1P
Thankfully I don't desire this functionality often, so it is only a minor nuisance for me, but I can understand it is a major nuisance for others. I don't understand why the 1Password development team have avoided adding this feature. I had read a customer service rep comment saying it was to avoid confusing people, but that doesn't make sense to me and seems insulting. If the default behaviour remained the same but better URL matching was an additional option then there would be no confusion to those not looking for the option.1Password has an enjoyable user experience for the most part (and IMO better than other password managers I've tried), but the lack of better control over URL matching is a frustration that spoils this. I think it is weird the 1Password development team are stubborn on this point but yet the company likes to boast about how good the user experience is while ignoring very reasonable requests...for years.
@tristankoffee @chenriques
I imagine the best way to implement it would be a setting on each item/credential "URL Matching Criteria:" with default being "Main domain only", but additional selection options of "Main and sub domain" and "Exact URL". Then also add account option to change the default of this item/credential option when making new items/credentials. That should give sufficient flexibility while maintaining current standard as default "to avoid confusing dumb customers" as 1Password team says. What are your thoughts on how it would be best implemented?0 -
It appears my comment was moved and now I see some other comments worth engaging with, so excuse the double post.
@Joy_1P
Thankfully I don't desire this functionality often, so it is only a minor nuisance for me, but I can understand it is a major nuisance for others. I don't understand why the 1Password development team have avoided adding this feature. I had read a customer service rep comment saying it was to avoid confusing people, but that doesn't make sense to me and seems insulting. If the default behaviour remained the same but better URL matching was an additional option then there would be no confusion to those not looking for the option.1Password has an enjoyable user experience for the most part (and IMO better than other password managers I've tried), but the lack of better control over URL matching is a frustration that spoils this. I think it is weird the 1Password development team are stubborn on this point but yet the company likes to boast about how good the user experience is while ignoring very reasonable requests...for years.
@tristankoffee @chenriques
I imagine the best way to implement it would be a setting on each item/credential "URL Matching Criteria:" with default being "Main domain only", but additional selection options of "Main and sub domain" and "Exact URL". Then also add account option to change the default of this item/credential option when making new items/credentials. That should give sufficient flexibility while maintaining current standard as default "to avoid confusing dumb customers" as 1Password team says. What are your thoughts on how it would be best implemented?Note: I tried to edit my original comment and it seemed to entirely vanish, I hope by reposting this it is not resulting in multiple comments.
0 -
I'm a 1Password for Families user and a 1Password for Teams user. Count me among those that would love some ability to control the matching behavior.
I'm a web developer, and so I regularly work on sites that share subdomains, e.g. mycompany.com, test.mycompany.com, dev.mycompany.com, and I have numerous accounts on each of those for various testing scenarios. And then the company has lots of internal and external services on various subdomains, so there's also hr.mycompany.com, wiki.mycompany.com, jira.mycompany.com, and so on. 1Password's matching algorithm appears to match only on the base domain and TLD, so all of those get boiled down to mycompany.com, and every single login I have (~50) all appear no matter which one I visit. This affects me every single day, and it's frustrating!
I understand that your average user wouldn't take advantage of this sort of ability, but I'd like to offer a perspective. Power users (like me, and like many commenting in this thread) are one of the best kinds of marketing you can get. People see us using 1Password, or we see them struggling with a subpar password manager (or worse -- without one at all) and we advocate for our favorite product. Adding a feature like this increases our enthusiasm, which means we'll advocate for it more frequently and with more energy, which is good for 1Password overall.
The myriad matching algorithms described would be wonderful, but even a small step in the direction of more flexibility here would be incredibly helpful. For example, simply being able to choose the number of DNS segments which must match (think "ndots" in resolv.conf parlance) would go a long way. This could default to two, making it consistent with current behavior, and it could be hidden by default unless a user enables advanced matching in settings or something to avoid confusion. It could also be "additional segments", where it defaults to zero and matches base domain and TLD, and you can only increase it from there, as it doesn't make sense to match on <2 segments. I'm thinking the setting would either be per-entry or per-website on an entry; having it scoped wider than that wouldn't help much if at all.
That one capability would leave me with only one problematic scenario unaddressed, and that's where I have different logins for auth.cloud.mycompany.com and test.auth.cloud.mycompany.com. I could set it to match four segments, and both logins would match both websites, or I could set it to match five, and the test one would match correctly, and the behavior for the non-test one would be ambiguous. For this reason, I'd also like to request an "exact" mode, where a login only appears in the popup if the website domain is a precise match. This would actually be useful as a global setting; I'd have a bit of cleanup to do in my various entries, but I could make it work for me 100% of the time. A "startsWith" match on the full URL (not just domain) would also work for me 100% of the time and would provide even more flexibility for others. A per-entry or per-website setting would be even better, but I understand that'd be a lot more work for you guys.
Is there any chance that we could see even a little bit of movement on this?
0 -
@chenriques @tristankoffee @MikeMoment thank you all for the feedback. We really do appreciate the time and thought you've put into your comments. All of tthis will be shared with our developers. I really do hope there will be a good solution for this in the future.
0 -
Exactly what jakerobb said. We also have multiple different software with different paths and subdomains, and right now it seems that 1P lists all logins from based on the maindomain. This is a problem since we have many installations, like development, staging, production on different subdomains and paths etc, so there are tons of different login accounts on one main domain.
I just calculated how many login options it suggested on one of the software. It was 29. Only one is correct, and it is not listed at top. Current situation is a nightmare to find the correct login. I would love it to have stricter matching on the subdomain and/or path.
0 -
Moving from LastPass , got recommended 1password on reddit . Everything looks nice . I'm web dev ... 1password dosn't have url matching .. not even order by most similar url . I use password managers because i can't remember 200 different passwords for each dev env , each app deployed on this dev env , not because i can't remember the 5 different passwords i have for my banking , pc , facebook and goverment , those i keep in my head. Good thing you guys offer a trial
0 -
@jakerobb Is there ever a time where it wouldn't be sufficient to just match either the root domain (and TLD), sub-domain(s) and root domain (and TLD), or URL? It sounds like your idea is basically what I've proposed, though perhaps more flexible given control over DNS segments used to discriminate but I'm wondering if that would ever really be necessary.
@ag_tommy @Joy_1P Building on what @jakerobb said, it's hard to advocate for a service with such a niggling frustration. It's also discouraging to see that 1Password has for many years ignored requests for a feature included in many other password managers (I use 1Password because I think the overall user experience is better than alternatives, but I feel like 1Password could be easily dethroned if a competitor innovates their UI).
0 -
@MikeMoment, for all of the use cases I can think of at the moment, I'd be fully covered by your three proposed modes.
0 -
Hey all, thanks for the continuing discussion. I do want to let you know that I've shared these recent comments internally with our teams and I am doing my best to advocate on your behalf. Again, I can't make any promises but I'll do my best to put this issue in front of our devs.
0 -
In web development I have branch builds that are generated dynamically so I don't know this sub-domains upfront.
Having a wild card or the OP approach above would make more sense as it gives granular control of the matching and keeps the password option list small.
0 -
+1 for this feature in some form. I would love to be able to specify multiple URLs or regex matching. Regex support would allow advanced users to create their own rules for unique situations.
0 -
Please fix this major flaw better yesterday!
This is completely embarrassing and as a 1password business user (and 1Password private user since day one) this makes me really angry.
1Password with billions of funding capital does not fix such a major usage bug (AND security bug -> https://1password.community/discussion/comment/643725/#Comment_643725) in more then 10 years.
This is insane I'm sorry. All the comments here over hundreds of forum threads get ignored with the same answers from 1PW over and over again.
We don't need multiple shiny new releases we just need this major BUG solved. Please don't answer again with "we added this one to our suggestion list... bla bla".
Normally I don't get that emotional but this is ridiculous. This behaviour is embarrassing for 1password in general.
34! pages of requests for this one single feature. Absolutely insane how you do ignore your paying customers. :/ It is time to escalate that one.
1 -
+1
I just wanted to file the same feature request. But my research revealed that there is already a lively discussion about this feature. I am also considering moving from Bitwarden to 1Password. I am really missing this feature, as I have several sites that require different credentials for different subdomains.
0 -
+1
I would also love to see this feature in 1P.0
