Exact URL matching + Port number matching filters for credential list

135

Comments

  • warpspeed
    warpspeed
    Community Member

    +1 on developing better matching of URLs, it would be great if there was a way to say in an item "match exactly", and/or to add to the smarts of URL matching so that it prioritises or weights the matches according to how close a match they are.

    I have one particular use case where this would be useful, which is a website that has a secondary auth with a different password needed on a specific page to do a specific thing.

    In that item, I have that specific URL in there, however that item still shows up as recommended, along with the primary one, for all auth instances on that site. Whilst it's only two entries and fairly easy to choose the right one, it would be good if it would recognise the exact match and only show that result.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for the additional info @warpspeed .

    As I demonstrated in this reply, 1Password does prioritizes suggestions based on the URL's matching (e.g. exact matches will show up first, then other matches with the same domain). :+1:

  • peterhorvath
    peterhorvath
    Community Member
    edited December 2021

    :+1: for this as well from my side.
    Currently it does not seems to be working (Chrome plugin version 2.1.4, 1Password 7 Version 7.9.2 , 70902005)
    It is very helpful to distinguish between subdomains and port numbers and filter based on exact url match as we might end up having 8+ suggestion items without prefiltering.
    We happen to have several times different on some pages, which share the same top level domain(netflify, github pages, also works like this ).

    I also saw several previous closed with similar request in the past for browser suggestion filtering since 2015.

    Was there a progress with this previous request, and may we know when it might be shipped into the browser extension?
    Thanks

  • ag_ana
    ag_ana
    1Password Alumni

    @peterhorvath:

    Thank you for the feedback on this too. We don't have an ETA for this at the moment, so unfortunately we don't have any information to share yet.

  • vidario
    vidario
    Community Member

    I know the topic has already been addressed, but I have read so many threads with this request and the answer is always the same: "Thank you for the feedback"; "We hope to improve and expand this feature in the future", and so on. There are requests that are years old and recent requests and there is still no news about them. At the moment 1password sorts suggestions like this:
    1) Favorites that contain the same domain.
    2) Exact matches of the subdomain + domain.
    3) Matches of the domain (but can be different subdomains or suffix / prefix in the URL).
    Leaving aside the favorites, what many users are asking is to have a flag that suggests only the second case, hiding the third (possibly on the single item and not just as a global parameter).
    Is this kind of change really on the roadmap, as you keep saying?

    Thanks for an honest answer


    1Password Version: 80500065
    Extension Version: 2.2.0
    OS Version: Windows 10

  • vidario
    vidario
    Community Member

    No official position on this? :| :|

  • peterhorvath
    peterhorvath
    Community Member

    Thanks for answering

  • @vidario

    Apologies for the delay here. We're still trying to catch up on responses from late December. You're right, 1Password currently only suggests items based on the root domain. One of our extension developers shared the reason for this limitation here.

    This one is definitely close to my heart, so I feel your pain. While we haven't seen a lot of movement, this is definitely on our radar and we do have plans to improve this. While I can't say when this will be available, I would be happy to add your voice to the list of users who would like to see this.

    As always, we do appreciate your feedback. :smile:

    ref: dev/projects/customer-feature-requests#31

  • On behalf of Ana, you're welcome.

  • ss1pu
    ss1pu
    Community Member

    I have multiple logins where the domain is the same but the host in the login URL is different.

    For example:
    Login 1 = loginpage1.main-domain.com
    Login 2 = loginpage2.main-domain.com

    I don't want Login 2 to be suggested when I visit Login 1. There are URL rules in several competitor platforms that allow for this including BitWarden, Dashlane, LastPass, that allow for this and I have attached images of these settings for each.

    BitWarden:

    Dashlane:

    LastPass:

    In a separate 1Password, discussion when I asked about this capability in 1Password, I was directed to this 2017 post. The TL,DR of it is that this feature was removed because of 1) user confusion and 2) complexity of implementation due to use of hashes to store URL and domain info.

    My responses to this are:

    • The "user confusion" bit is a little strange to me. If the default setting is to use the root domain and strict FQDN setting is something that would need to be turned on by more advanced users, how would anyone who doesn't use it get confused? I am not asking to change the default behavior of the tool. I just want the option when I need to use it.

    • The use of hashes to store this data is not exclusive to 1Password. Other password manager solutions store this data in the same manner as far as I know and they've managed to offer this capability to more advance users who need it.

    • Think of this from the perspective of a managed service provider who uses 1Password as their password manager. By not having this capability there is a certain level of risk introduced in that it is possible to log in to the wrong account because ALL of their client logins are presented as logins just because they are on a shared domain. This can cause unintended harm. If strict URL matching was in place, that becomes a non-issue.

    I hope that some members of the community see this post and up-vote it so the development team put focus on adding this capability to the platform.

    Thanks


    1Password Version: 8.5
    Extension Version: 2.2.3
    OS Version: Not Provided

  • Hey @ss1pu:

    Thanks for your feedback here. As you noticed, this is something we've discussed a bit previously. We definitely hear you though, and I've added your input to the feature request we have on the topic. We're always thinking of ways we can improve 1Password, and we wouldn't be here without feedback like this. Thanks again!

    Jack

    ref: IDEA-I-57

  • ss1pu
    ss1pu
    Community Member

    Hey @RichL,

    I have also entered a detailed feature request for Strict URL matching. I literally logged in to the community platform to day to see how many other people were asking for this, so I am glad I saw your post. I would like to collaborate with as many 1Password users as possible to try and push the devs to make this feature available for more advanced users.

    Here is a link to my request:
    https://1password.community/discussion/127137/feature-request-strict-url-matching

    If you have anything you'd like to add there or talk about a strategy on how to bring this to fruition, feel free to leave a comment in there. I will also follow this thread to see any additional comments made here. Have a great day!

  • volts
    volts
    Community Member

    Consider this an up-vote from me! I fully agree with this request.

    This would help me personally with my bank, where I have multiple unrelated accounts. One banking portal uses a different subdomain host address, the other uses a different path.

    This would also help in a dev/test/prod situation, especially since Display in browser has been removed. :-/

  • @ss1pu

    Thank you for the comment, I see that my colleague Jack has forwarded your feedback and request to our developers in the other thread. 😊

  • ss1pu
    ss1pu
    Community Member

    @Dave_1P and @Jack.P_1P, Thanks for update! I am glad to hear that feedback from the users has gone back to the devs. Hopefully the requested functionality makes its way in to the product.

    Sorry for the double post. I think the second one got help up in the post review process and then added to this thread when it was approved.

  • @ss1pu

    Thanks again for the request and the feedback. 😊

  • gdhnz
    gdhnz
    Community Member

    I know you're still working through the sub/root domain request everyone here wants but is there an update to the sorting of the inline menu as mentioned in #Comment_619254

  • @gdhnz

    To confirm, are you finding that the sorting of the inline menu does not match what you're seeing in the pop-up when you toggle 1Password in the browser from the toolbar?

  • gdhnz
    gdhnz
    Community Member

    Yes. There is a sorting mismatch between the inline menu and the toolbar button.

    The inline menu is not correct. The toolbar menu is.

  • Joy_1P
    Joy_1P
    1Password Alumni

    @gdhnz Hmm, it does look like our developers took a look at the issue but were unable to reproduce it. Can you let us know what browser and version of the extension you're using? Can you also let us know if the issue occurs only on a specific site or if it happens on all sites?

    On top of that, can you send us a screenshot showing the mismatch between the items in the inline menu and the extension popup in the toolbar from your end? Make sure to blur or remove any sensitive info from the screenshot (such as your passwords).

    As a note, there's not a way to attach a screenshot to your reply. However, you can link to it, or you can email the screenshot to us at support+forum@1Password.com.

    With your email please include:

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks!

  • gdhnz
    gdhnz
    Community Member

    Email sent as requested. The support ID is #IMV-32471-446

  • Joy_1P
    Joy_1P
    1Password Alumni

    @gdhnz Thanks so much, we'll take a look and reply soon.

  • dsmcafee
    dsmcafee
    Community Member

    A very common case now is redirects for auth. Authelia for example as it is usually set up behind nginx will redirect to site/authelia. The authelia login entries show up on every site. Since in my case "site" is also a wild card cert with about 15 different entries, I get a massive list of possible matches using the current 1password behavior. It's not terrible on the desktop because there is enough info to choose the right one, but on IOS the list only shows username and the domain but not the subdomain. The list makes it impossible to choose the correct entry, this is a serious usability issue on IOS. You really should show the subdomain.domain for the entry. What I'd really like is "match on url" as an option for these authelia entries and "match on subdomain.domain only" as an option for these wildcard cert entries. Then it would prompt me with the correct choice.

  • ss1pu
    ss1pu
    Community Member
    edited July 2022

    Would anyone from the 1Password Team be able to tell me why my original post was removed? I had a separate post on this and now I see "Discussion Not Found" when I try to navigate to the URL where my post was located. See screencap below.

    Any ideas on why this would be removed?

  • RodgerThat34326
    RodgerThat34326
    Community Member
    edited September 2022

    Hi, Ive specifically signed up / made an account to chime in on this ( IE: +1 for better/full URL matching, in my case Especially differentiate PORT numbers in URL matching, ie 192.168.1.1:3040 is different than 192.168.1.1 and different from 192.168.1.1:3041).

    As many have pointed out, im in the same boat in that i get MANY 1pw suggested autofill options, usually based only on the IP address (root domain, in the case of an IP). As a network admin and coder, you can imagine i frequently access non-public, unusual URLs , daily.

    Ive read all the technical replies in regards to, hashing of the saved creds entry and comparing that to a hash of the current site root/sub-domain hash = match or no-match -> however i dont understand why this same process could not work for a hash of the full url (or a hash of root domain and also a 2nd hash of root-domain + port number) vs the same 2x hashes saved at cred creation/in 1pws database. I dont really need an answer to this question, i just REALLY need this to be fixed, as in general i get way too many, "generic" 1pw autofill suggestions for a 40% or so of the login/pass fields i click on. (win11, chrome or FF, 1pw v7).

    another question im putting out there (does not need an answer), why is necessary for the URLs of saved credentials to even be encrypted in the first place? (i agree, yes, it is better for entire entry to be encrypted, but if the exact URL of xyz stored cred kept in a UN-Encrypted state FIXES this issue, i am fine with that).

    or even better: give the user the option. IE: by default all is encrypted, but optionally (if you need/desire more precise matching of full-URL->autofill suggestion, then you can OPT IN/enable to have all stored URLs kept un-encrypted.
    ie something like:

    (stored in) CLEARTEXT: "admin.mydomain.com:4500" is LINKED to ENCRYPTED: credentials "bob/myPW ect.." so match fully/accordingly when 1pw browser extension hits a login/pw field.

    thanks!

  • RodgerThat34326
    RodgerThat34326
    Community Member

    Hi, Ive specifically signed up / made an account to chime in on this ( IE: +1 for better/full URL matching, in my case Especially differentiate PORT numbers in URL matching, ie 192.168.1.1:3040 is different than 192.168.1.1 and different from 192.168.1.1:3041).

    As many have pointed out, im in the same boat in that i get MANY 1pw suggested autofill options, usually based only on the IP address (root domain, in the case of an IP). As a network admin and coder, you can imagine i frequently access non-public, unusual URLs , daily.

    Ive read all the technical replies in regards to, hashing of the saved creds entry and comparing that to a hash of the current site root/sub-domain hash = match or no-match -> however i dont understand why this same process could not work for a hash of the full url (or a hash of root domain + port number) vs saved full url's hash. I dont really need an answer to this question, i just REALLY need this to be fixed, as in general i get way too many, un-clear, 1pw autofill suggestions for a 60%+ of the login/pass fields i click on. (win11, chrome or FF, 1pw v7).

    another question im putting out there (does not need an answer), why is necessary for the URLs of saved credentials to even be encrypted in the first place? (i agree, yes, it is better for entire entry to be encrypted, but if the exact URL of xyz stored cred kept in a UN-Encrypted state FIXES this issue, i am fine with that).

    or even better: give the user the option. IE: by default all is encrypted, but optionally (if you need/desire more precise matching of full-URL->autofill suggestion, then you can OPT IN/enable to have all stored URLs kept un encrypted. (ie something like:

    (stored in) CLEARTEXT: "admin.mydomain.com:4500" is LINKED to ENCRYPTED: credentials "bob/myPW ect.." so match fully/accordingly when 1pw browser extension hits a login/pw field.

    thanks!

  • glyph
    glyph
    Community Member

    Has this regressed in 1Password 8? The filter in Quick Access is clearly based on the publicsuffix+1 and the sort is simply alphabetical on name. I don't care so much about the filter excluding things, but it is a gigantic pain in the butt to be constantly getting the password for my printer recomended for my NAS, router, etc. simply because Canon starts with "C" and the other brands come later in the alphabet.

  • nciiis
    nciiis
    Community Member

    Only one of these items actually match the current domain, and it is not even the first one on the list. Which is why this option is very important:

    1) Exact URL matching for multiple hostnames on the same domain

  • BLD
    BLD
    Community Member

    +1 1Password engineers -- please fix this at long last. Things actually got worse in this regard with 1P8. :-(

  • RodgerThat34326
    RodgerThat34326
    Community Member
    edited October 2022

    @BLD - thanks for reporting that (re 1password v8) - im still on 1pass v7 and will remain on v7 for the foreseeable future. If this URL matching ever gets fixed (and not-backported to v7) , i would move to v8.

    Its really un-excusable that this matching issue still is not being addressed; when it so greatly affects one of the most important aspects of any password manager.

    I have had to change how i name entries in 1password due to this issue.
    tks