Can I make a single item in a vault have many (1000s) of websites added so autofill works for each?
Howdy!
Is there a limit on how many websites can be added to just a single 1Password item?
Am I able to add thousands of domains to a single login item so that those credentials are available on all of those domains?
1Password Version: Not Provided
Extension Version: 2.18
OS Version: Not Provided
Browser: Chrome
Comments
-
I have no idea whether that's possible, but if not you may consider just making a spreadsheet with your domains and the same credentials copied, and then importing that into your vault. Just an idea if nobody can help with your original query.
0 -
Hi @bfreeman,
I'm not aware of any limit to how many
websitefields you can add to a Login item. That said, you may experience performance issues in the 1Password app or browser extension when selecting or making changes to that item. Relying on multiple Login items is recommended, as it's always best to use a strong, unique password for each website or service where possible. This will ensure your other accounts will remain safe in the event one of them is breached or compromised.0 -
Howdy, @ag_max !
The scenario is that we have one system with thousands of domains where that single system is accessible and that list of domains changes frequently. We would be unable to make the password unique per domain as the system is the same service just across many different domains.So I would like to have as few records for this system as possible. Is there a known quantity of website fields in a login item there can be before there are performance issues?
0 -
Thanks for the reply. When 1Password is unlocked your data has to be decrypted and loaded into memory. The performance that you see will likely depend on your browser and system capabilities.
The scenario is that we have one system with thousands of domains where that single system is accessible and that list of domains changes frequently.
I'm not sure that I'm understanding the setup and would love to learn more so that I can communicate your use case to the team. Why are your users accessing the same service across thousands of different domains that change frequently?
Usually what organizations will do when they have the same account signing into multiple domains and services is setup something like Microsoft Entra or Okta to manage those sign-ins and present a consistent sign in experience across domains and services.
-Dave
0 -
Howdy, @Dave_1P,
Thanks for the interest.
I want to build a login for our own service to that we built that we use to make updates to websites that we build. We have the same service accessible on the domain of each website which is why we want to be able to autofill this login on each domain. We gain and lose websites frequently, so that is why we were looking into a way to have the login for this service be updated in 1Password so that our team could access the service on all of the websites that we built. We also change the password to this system on a regular basis so being able to update the 1Password record and have that login accurate and available to our team is why I considered using a 1Password record with lots of domains.
We don't have our service setup to use Entra or Okta for this since we built it ourselves and I was looking into improving the login for our team without having to invest in lots of dev hours to make it work with an identity provider.
Currently, our solution is to create TextExpander snippets for this login and use that to put the login information into the website since it is the same service across all of those websites. I would like to get away from the TextExpander snippets for logins as it is not encrypted like how 1Password is.0 -
Thank you for those details! I'm not familiar with that kind of setup, using an identity provider is the usual way that folks go when they need to use the same login credentials across various websites and services. Is this solution entirely custom-built or is there some open source project or architectural white paper that I can forward to our product team?
Currently, our solution is to create TextExpander snippets for this login and use that to put the login information into the website since it is the same service across all of those websites. I would like to get away from the TextExpander snippets for logins as it is not encrypted like how 1Password is.
Another risk of using a snippet for this sort of use case is that your team is at increased risk for phishing. 1Password in the browser will only fill login credentials into a website URL listed for that login credential but TextExpander just fills text fields arbitrarily.
In general, it sounds like there is a risk for phishing since team members are entering the same login credentials into many different domains that change regularly. It may be difficult to prevent someone from accidentally entering login credentials into a malicious, or just incorrect, website. Even if you add all of the website URLs to 1Password, team members might still manually enter the login into a malicious website believing that a certain domain just hasn't been added to 1Password yet.
-Dave
0 -
@Dave_1P
Unfortunately, I cannot share any open source project or architectural white paper on our system as it is our own custom-built system. I don't think that we used any open source foundation for our system but I am not in the development team so I would not know that.That is a great point about a phishing risk that I had not considered. I think that it isn't a highly likely occurrence that someone would build a convincing phishing website that looks like our custom system, but it definitely is possible. We are a fairly small company, but that doesn't make us not vulnerable to a targeted attack. That definitely encourages me to find a solution and I would love to be able to use 1Password to help my team leave the TextExpander snippets behind.
One idea that I had that might be able to help me with this idea is if 1Password had a single location that I could (preferably using the 1P CLI) enter the 1000s of domains into and I could create a login item with the credentials for our service set to reference this single location. That way if I go to one of the domains in that list, it would search that single location and if the domain matched the list, then the login item would be suggested for autofill. I was thinking if the "Autofill Behavior" box that pops up for the Website field allowed you to allow autofill on domains in that single location, that would achieve the behavior that I am looking for.
0 -
Hey @bfreeman,
Thanks for your reply and for the additional details. I can understand the hesitation around sharing too much about your custom system. That's no problem at all.
I'd like to be up front with you. I haven't encountered a situation like this before, where a custom built solution will be sharing credentials, but across multiple domains. As @Dave_1P mentioned, I'd typically advise having unique login items for each set of credentials, broken down by the domains that each one is used for. You can also use an SSO provider, such as Microsoft Entra or Okta, to manage sign-ins among your team. This will help to provide a consistent experience among your team as they sign in to the various services and domains they utilize throughout the day.
That said, I have shared your feedback with our Product team so they can take a look and see if this is something that can be considered for a future improvement. I'm unable to say if, or when we may see this functionality released, but the team is aware of your interest.
Thanks again. Let me know if I can provide any further assistance.
-Jon
ref: 39017718
0
