Why does 1Password6 offer a password for amazon.co.uk when I am trying to log in to amazon.com
I have two saved Logins for Amazon. One for amazon.co.uk and one for amazon.com. When arriving at either site, both logins are offered to me by 1Password. Does 1Password know Amazon US has a subsidiary Amazon UK? Shouldn't it count them as unrelated, and not allow me to enter the .co.uk password into the .com site (and vice versa).
1Password Version: 6.3.3
Extension Version: 4.6.1.90
OS Version: 10.11.6
Sync Type: none
Referrer: forum-search:Amazon
Comments
-
@PaulHammant: Good observation! I'm sorry for the confusion there. Indeed, we've built some domain equivalencies into 1Password. For example, Amazon, as you noted, and others such as Apple/iCloud and Microsoft/Live. I can see how this might be unexpected in some cases, but we've added support for these (and others) due to popular demand. Since these sites belong to the same companies and often share login credentials, this makes it easier for folks to fill using 1Password (without fiddling with multiple URLs) and doesn't pose a security risk. I hope this helps clarify things, but be sure to let me know if you have any other questions! :)
0 -
So if I were to make https://amazon.paulhammant.com with a user and password fields, you're saying it wouldn't be eligible receive one of the existing amazon passwords?
0 -
@PaulHammant: Definitely not! :lol:
You could certainly add that as an additional URL for your Amazon login item if you wanted...but since I am not PaulHammant, I would not do that myself. ;)
0 -
Hi @PaulHammant,
I just want to add a little to what brenty has already written. We add hardcoded equivalences very sparingly. Ones such as apple.com and icloud.com are so each person doesn't have to add the second domain. We added amazon and eBay to the list for one reason alone, an account on each will work with any country specific version of the site. I created my account on amazon.co.uk and can add, purchase and send items using the likes of amazon.ca to Canadian addresses. Beyond those mentioned I don't think we have any others.
0 -
Thanks for replying.
One last Q: The implementation, specifically, is an explicit list of domain synonyms, and not a regex/wildcard/contains one that could accidentally include things hackers could make because they know we trust 1Password?
0 -
Hi @PaulHammant,
It's explicit, simple string equality so that if the two domains (we ignore subdomains) don't match perfectly then it isn't a match. No pattern matching of any kind.
0 -
Thanks - keep up the good work!
0 -
Likewise, thanks for your support! We couldn't do what we do without you and the rest of our awesome customers. :chuffed:
0
