Fetching wrong entry by default
I have a number of machines in my intranet. For example, say I have www.example.com, jenkins.example.com, and blog.example.com.
When I connect to one of these machines, and then use the Safari Plugin to retrieve the password, it usually picks the wrong machine.
I can see all of the "example.com" machines in the list of proposed entries, but the correct one is not at the top.
It even says (and I have to translate from German, so the real English entry might be a bit different) "Proposals - jenkins.example.com", and then the jenkins entry is at position 2 of the list.
Why is this? It should be 100% clear which one is matching, should it not?
1Password Version: 7.4.1
Extension Version: 7.4.1
OS Version: MacOS 10.15.1
Sync Type: 1password
Comments
-
Hi @Tinue!
1Password shows you all of the logins related to the domain you are visiting. However, it should automatically show you the subdomain entry at the top of the list. Are your 1Password entries showing the correct subdomain you want, and only that subdomain, in their website fields?
0 -
Hi @ag_ana, yes, they do. I just realized that this might be the reason: My example was not accurate. The hosts would be www.home.example.com, jenkins.home.example.com and blog.home.example.com. Possibly this confuses 1Password, I don't know. It's perfectly valid to have multiple subdomains in a domain, though.
On iOS the behaviour is much worse, by the way: I just see a list with about 12 entries for "example.com". I don't even see the host, so I have no idea which one to pick. The one that is proposed is the wrong one, just like with MacOS. Only after I click one more time onto "1Password..." I get to see the host names.
One more thing: One "host" is my lawn mower, which does not do https, only http. If I want to log in to this one, then 1Password just shows me the full list of all entries in the vault. This happens on iOS and on MacOS.
0 -
On iOS the behaviour is much worse, by the way: I just see a list with about 12 entries for "example.com". I don't even see the host, so I have no idea which one to pick. The one that is proposed is the wrong one, just like with MacOS. Only after I click one more time onto "1Password..." I get to see the host names.
Unfortunately that isn't something that we control or could change. This is why we offer the "1Password..." option at the bottom of the list, so that you can get more of the information that 1Password has. Autofill just doesn't have the capability of showing that info itself at this point.
It's perfectly valid to have multiple subdomains in a domain, though.
Yep, that's true, but it isn't very common and as such may not be something that we currently test against. I'll suggest to our QA team that we consider doing so if we start seeing more reports like this.
One more thing: One "host" is my lawn mower, which does not do https, only http. If I want to log in to this one, then 1Password just shows me the full list of all entries in the vault. This happens on iOS and on MacOS.
Could you please verify the
website
field on the Login item exactly matches what you see in your browser's address bar on the lawn mower's login page?Ben
0 -
Hi Ben,
Sorry for the late reply, and thanks for your comprehensive answer.
iOS: I would prefer to only see one entry, if it matches. If there is more than one match, then I personally don't see the benefit of a list. But this is only my preference; I understand now how it works, thanks for the explanation.
Lawn Mower: I deleted the entry, and did a re-login. 1Password did not pop-up and ask me if it should add the entry. I think it does not see the form (actually it's a pop-up) as a password prompt. I am a bit confused, I must admit, because the entry that I deleted contains a "form details" section. I can't remember how I originally added this entry; It could have been fully manual, including the form details. Having said all this: The website field does match.
Subdomain: I wonder how 1Password behaves for UK domains. They all have a sort of sub-domain, such as https://www.amazon.co.uk
Will it match on "co.uk", and thus cannot distinguish between UK domains?Thanks again and best regards, Martin
0 -
Subdomain: I wonder how 1Password behaves for UK domains. They all have a sort of sub-domain, such as https://www.amazon.co.uk
This is a special case that is accounted for (as are others such as .co.jp, etc.).
iOS: I would prefer to only see one entry, if it matches. If there is more than one match, then I personally don't see the benefit of a list. But this is only my preference; I understand now how it works, thanks for the explanation.
To add: 1Password shares the URL and username for your Login items with the autofill feature when enabled. Autofill determines which of those entries are a match, and how to present them.
Lawn Mower: I deleted the entry, and did a re-login. 1Password did not pop-up and ask me if it should add the entry. I think it does not see the form (actually it's a pop-up) as a password prompt. I am a bit confused, I must admit, because the entry that I deleted contains a "form details" section. I can't remember how I originally added this entry; It could have been fully manual, including the form details. Having said all this: The website field does match.
Which platform, browser, and version of 1Password is this happening with? Autofill on iOS doesn't offer the capability to prompt to save Login items when used with 3rd party password managers such as 1Password. As such if this happened on iOS it sounds like it worked as would be expected. If instead this happened on a Mac or Windows PC that is something we'd want to troubleshoot further.
Sorry for the late reply, and thanks for your comprehensive answer.
No worries. You're welcome. :)
Ben
0 -
UK Domain: I hoped I found a perfect example to reproduce... :) As for my particular subdomain: This is a recommended practice for intranet domains. For example: https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx. The relevant part is "So, register a public DNS name, so you own it. Then create subdomains for internal use (like corp.example.org, dmz.example.org, extranet.example.org) and make sure you've got your DNS configuration setup correctly."
Lawn Mower: I tested on MacOS 10.15.1 with the latest 1Password (7.4.1) and Safari. I just now also tried on Windows 10 1909 with the Chrome browser (78.0.3904.108). Here, Chrome asks me if I want to store the login, but not 1Password (7.3.712).
0 -
The relevant part is "So, register a public DNS name, so you own it. Then create subdomains for internal use (like corp.example.org, dmz.example.org, extranet.example.org) and make sure you've got your DNS configuration setup correctly."
Yep; no argument here. It really comes down to a matter of priorities. Thus far we've seen relatively little feedback about this sort of situation, and so it sits on the back burner. That isn't to say that it won't ever boil to the top, but there are other things that have much greater customer impact that we're currently focused on.
Lawn Mower: I tested on MacOS 10.15.1 with the latest 1Password (7.4.1) and Safari. I just now also tried on Windows 10 1909 with the Chrome browser (78.0.3904.108). Here, Chrome asks me if I want to store the login, but not 1Password (7.3.712).
Is the Chrome/Safari password manager enabled on both machines? That may actually be the problem. Built-in password managers are known to cause this sort of conflict:
Turn off the built-in password manager in your browser | 1Password
Ben
0 -
For Chrome on the Mac I disable the built-in password storage on a case by case basis. If it's not disabled, then both Safari and 1Password usually offer to store the password.
On Win/Chrome I just disabled the password manager, and now I am not being asked about storing the password (also not from 1Password).I realized that the Windows version of 1Password has no issue with matching the correct host! It's only Mac and iOS that can't do this. Hopefully it's only a matter of time until this makes it into the Mac/iOS version as well.
0