2 Feature Suggestions: rich 1password extension icon; auto-add new address

Since my 1password vault has grown bigger and bigger, it had happened more than once that I visit a website (forum) and forget I've already signed up there. So I'm thinking is it possible to use the 1password icon to indicate if you have an account on current website?–e.g. when I visit a website, if I have an account in the vault that can be used to login, then the extension icon turns green, otherwise it's just gray, and if I have more than one accounts, a badge with numbers shows up.

The second suggestion is for the situation that some websites change their domains or just have multiple domains. For example, I created an account on agilebits.com, however for some reason it is later changed to 1pass.com (or it's just its another domain). Now I visit 1pass.com and want to use the same account to login, so I search and locate the entry named 'agilebits' from the extension window, however if I press enter, I will be taken to the old agilebits.com instead of just filling in on the current website. So I was wondering, should it be, under this situation, the press enter action should actually be carried out as filling in the current website, and the new url be added to the entry automatically?


1Password Version: v6.7 (670008)
Extension Version: 4.6.6.90
OS Version: Mac OS X 10.12.5 (16F73)
Sync Type: dropbox

Comments

  • matthew_agmatthew_ag 1Password Alumni
    edited May 2017

    Hey @fyimback,

    Thanks for taking the time to write in and for your suggestions :chuffed:

    e.g. when I visit a website, if I have an account in the vault that can be used to login, then the extension icon turns green, otherwise it's just gray, and if I have more than one accounts, a badge with numbers shows up.

    This is certainly an interesting idea. Having the badge change color if you have Logins for the current website sounds like a good idea. Currently the way I check if I've a Login item for the current website is to either click on the 1Password button or to use the keyboard shortcut Option ⌘ \ which will bring up the 1Password Mini which will display a list of Login items for the current website just below the Search field. e.g.

    Having a badge with numbers show up might be a little confusing to users though since these are normally used for notifications which may cause people to thing 1Password needs them to do something. It's certainly something to consider though.

    Now I visit 1pass.com and want to use the same account to login, so I search and locate the entry named 'agilebits' from the extension window, however if I press enter, I will be taken to the old agilebits.com instead of just filling in on the current website. So I was wondering, should it be, under this situation, the press enter action should actually be carried out as filling in the current website, and the new url be added to the entry automatically?

    This is certainly a good suggestion from a usability point of view however from a security perspective it would mean that 1Password would allow you to fill sensitive data into any website regardless of the website field. The website field of a Login exists not only to help with Go & Fill but also to protect against Phishing attacks.

    The protection works like this: let's say you accidentally find yourself on a fake version of your banks website with the URL www.yourbank.com.badguys.com and you didn't happen to notice that the start of the URL www.yourbank.com that looks like your bank's website address is actually just a sub-domain of the badguys.com website. The web page itself all looks legitimate, all the logos and text look fine however entering any of your personal data here will just hand it over to someone other than your bank. 1Password won't allow filling into this page because the URL doesn't match what was in the website field of the Login at the time it was created.

    When a 1Password Login item isn't being matched when you're on a web page the first thing to check is ensure the URL of the web page is legitimate and that you're on the right page. Obviously having 1Password automatically fill here and add the current URL to the Login item would make it too easy to make this mistake and allow phishing scams to work.

    I hope this explains this protection. If you've any questions or further comments do let us know.

    Best regards,
    Matthew

This discussion has been closed.