How to: Multiple passwords in related domains

jrepenning

I deal with a dozen or so internal sites of my own company. Most share an SSO system, so the actual login page is, for them, all "weblogin.example.com". This part all works great.

However, a few of our sites aren't plugged in to that system, so their login page is "somethingelse.example.com", or even "some.thing.else.example.com".

And in a very few cases (mostly related to testing), I need to store several different credentials for the same site.

I've been managing this by making up structured names for the entries ... "Ex:main:me", "Ex:other:me", "Ex:other:test1" and such. This cause 1P to offer them all whenever I visit any of the sites, and I can fairly conveniently pick the one I want.

But I'm hoping it can be better. How can I make 1P entries so that:
1. a few sites have explicit hostnames that get picked uniquely (or at least, sorted to the top of the list) when I'm visiting them
2. a few sites are wired to the common entry even though they have other subdomain names
3. most sites automatically select the main entry

---

1Password Version: 5.3
Extension Version: 4.4.3.90
OS Version: 10.10.5
Sync Type: DropBox
Referrer: kb-search:multiple entries for same DNS hostname

littlebobbytables

Greetings @jrepenning,

So I believe 1Password should do some of this so let's see what we can do :smile:

The first thing I'm curious about is if you have the following preference enabled or disabled. The setting in question is Lenient URL matching and it can be found in the Browser tab of 1Password's preferences. If it's enabled please disable it and I think in your case you will find it is.

What this setting does is ignore subdomains and just matches the domain. So it will show you everything that matches example.com and list all of them in alphabetical order by title.

With this setting disabled what you should find is if you visit somethingelse.example.com and have only one Login item with that specific full domain that it will fill it automatically if you use ⌘\ and show it at the top if you use ⌥⌘\ (as well as hide the others behind a Show X more items option).

The above may very well help with point two as well. 1Password should offer anything with somethingelse.example.com at example.com as the domain matches. I was about to suggest an additional website field but I don't think you'll gain anything from it in this situation. They will be hidden behind a Show X more items but that might be fine in this case, what do you think?

As long as 1Password matches a single Login item it will fill when you use ⌘\ and will only show you the 1Password mini menu if more than one item matches. I think the setting I talked about at the start may be key to a lot of your needs but we'll know better when you post back :smile:

jrepenning

I checked on my primary computer (a laptop, or "the laptop" as I usually think of it). "Lenient" was indeed enabled; I disabled it. (Some time later, I checked another computer, finding that its "Lenient" was off. Is this setting synced along with the PW database itself?)

Then I overhauled my bevy of entries. As it now stands, post re-org,
1. there is only one entry with my "official" password. It has two websites:

• weblogin.example.com (the SSO login point)
  • halfway.example.com (a system that offers its own login page, but delegates identity confirmation to #1)

2. I also have a handful of "somewhere.example.com" and "some.where.example.com" entries, for individual hosts that, for one reason or another, don't share the same core credentials or IdP. These each have exactly one website entry.

So I think the way you're saying this will work is:

• Most systems (those that delegate the login page to weblogin.example.com) will use 1P entry #1.
• The one odd one, halfway.example.com, which posts its own login page but delegates confirmation to the same IdP as weblogin.example.com, will also use 1P entry #1.
• The variously idiosyncratic ones, with their own page and identity base, will use their own 1P entry.
• If (I don't actually know) there are other multi-host sites, outside the .example.com universe, with some variant of their own, I may yet have to discover them and deal with them. For instance, some commercial sites (like southwst.com) allow you to log in at any page (there's a "username/password" patch on every page); this might force me into adding website URLs to my current sw.c entry (depending on exactly how they structure those intrasite URIs).

littlebobbytables

Greetings @jrepenning,

So I believe we're definitely on the same wavelength regarding example.com. If you find it doesn't work the way you've described and that I've led you to believe please do let us know.

For other sites where you have a single Login item that you need to work over a variety of subdomains a single entry for the first login page should suffice. 1Password won't find anything that matches the exact subdomain but it will find one that matches the domain. I don't think I have many examples I can fall back on in my own vault but I'm confident that you should find this to be the case. If you find it be otherwise again, please do let us know.