Can 1Password handle selective equivalence with subdomains?

jsp3

HI there -
I am not a user yet and looking to see if this will meet my needs.

I would like to know if 1Password can handle this scenario, as other password managers (such as LastPass) have struggled with it:

I want to be able to do these things:
1) Group together selected subdomains subdomains but not all of them
2) Add sites that are in a different domain to the same group:

For example:
a) I want aaaa.myemployer.com and bbb.myemployer.com to share a username and password.
b) But I want myemployer.com to have a different password.
c) And ccc.myemployer.com and ddd.myemployer.com and someothersite.com to have even another password.

LastPass handled this by always considering subdomains as equivalent by default, but there was an option to state that the sites were not equivalent unless the subdomain matched. That solves the issue of not having autofills from the wrong subdomain... but then I couldn't consider subdomain aaa and subdomain bbb as equivalent. It was one or the other. I want both!

Will 1Password do this for me?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

littlebobbytables

Greetings @jsp3,

I'm not entirely sure 1Password will meet your requirements. Here's how 1Password behaves and I'll let you decide where we fall on the scale :smile:

The first thing to know about 1Password is we don't do autofill. All filling must be initiated by the user. This is primarily via the keyboard shortcut ⌘\ (or ctrl + \ if Windows) but can also be accessed via the browser extension button.

The second thing to know about 1Password is it will always ask which item to use if it finds two items are considered equal. Now by default 1Password consider a match to the FQDN (Fully Qualified Domain Name) better than a match to just the registered domain name and so using this you can create Login items that would be selected automatically when filling with the keyboard shortcut with your example above. A Login item can contain more than one website field so you could create a single Login item that explicitly references both aaaa.myemployer.com and bbb.myemployer.com. This item will be selected by default when filling with the keyboard shortcut when on those exact subdomains. The website field doesn't have to be just for subdomains so the same holds true for Login item c) whether it's one of the subdomains or an entirely different site.

Let's say you're now visiting just myemployer.com, no subdomain and just those two Login items that cover a) and c). 1Password will display its helper menu because technically both are valid on the registered domain of myemployer.com and neither has a stronger claim to be valid for myemployer.com. If you were to create a third Login item that explicitly references myemployer.com that changes as it is a precise match.

Now at any point you can still select a non-default Login item and fill using it as all three do match the registered domain name. 1Password won't stop you from explicitly selecting say Login item C whilst you're on aaaa.myemployer.com, it just won't fill by default with item C as it isn't a precise match.

If you're looking for a password manager that will absolutely refuse to fill a Login item that references just myemployer.com whilst on aaaa.myemployer.com then 1Password possibly won't meet your requirements. If the default behaviour is sufficient though you may want to make use of our trial period and give it a solid test to see what you think.

jsp3

That doesn't sound like it will work because one subdomain may have 10 logins that I don't want or need to show on any of the rest.
Too much clutter!
:(

AGAlumB

Yeah, that does sound like a lot of clutter. Favorites can help if you have a few you use most often, to make those more accessible, but ultimately it sounds like the problem is too many logins for the same domain. I'm not sure that's something we should fix for you programmatically (given that in most cases partial matches are desirable), but it's definitely something we can keep in mind as we develop future versions of 1Password. Thanks for sharing the details of your particular use case with us!

littlebobbytables

Hi @jsp3,

Just to add to what Brenty has said and to clarify what I previously wrote. Let's say you're visiting myemployer.com and you have a single Login item that explicitly references it whilst you have 2+ that reference one or more subdomains of myemployer.com. If you were to bring up the 1Password mini menu then at least on the Mac those 2+ items that weren't an exact match would be hidden behind a menu option titled Show XXXX more items. If you then visited a subdomain the list would chance so only the exact matches were instantly accessible and that previous Login item that matched myemployer.com exactly would now be hidden behind the Show XXXX more items menu option. Now if that still falls under the scope of clutter we fully understand, I just want to make sure you didn't think you'd have to always wade through the full list of anything that matched myemployer.com to find the one you're looking for.

jsp3

Oooh that helps.
Thanks. I will look closer into this now.

It can be a hassle to set up a product like this to start with, especially when the situation is a little bit complicated and the usernames and passwords are not currently memorized. So, I don't want to put the initial effort into it even when there is a free trial unless I think the product might meet my needs and it sounds like this might.

littlebobbytables

You're quite right @jsp3, it can sometimes take a certain level of investment before you can build a reasonable picture of what to expect. Now normally after installing 1Password and getting the extension connected we'd suggest you visit sites naturally and let 1Password offer to save. Then get used to using 1Password whilst your original passwords are still in use. Once you feel comfortable you can start to change passwords and at this point you're pretty much you're using 1Password full time. You can still back out of course and will always have access to whatever you place in your vault(s) unless you delete them entirely.

For you, it might be worth setting up even about 5 Login items right at the start to simulate the scenario you've been describing. The behaviour you see with 5 or so Login items is what you should expect to see with more. Hopefully that will give you a taste of how 1Password will work for you without too much time and energy being spent in the process. We are also here if you have any questions that arise during testing or indeed further usage if 1Password looks to be a good fit for you :smile:

wjdp

Hi, I'm trying to get the behaviour described above in the 1Password X extension. I have 20+ logins for myemployer.com and having to find the correct one in the list is rather irritating. Using Firefox, the built in password manager does this.

dteare

Hello @wjdp,

I hear where you're coming from and have written about this at great length in this comment on Feedback on Subdomains.

I'm sympathetic to the need your describing but it comes at a cost that I'm not willing to pay. I keep hoping to find a way to allow you and I to have our cake and eat it, too. Hopefully someday we will. 🙂

++dave;

wjdp

@dteare Thanks for the link, appreciate this is a tough problem to solve with various platforms and users.

The current sorting method in the 1Password X extension seems to be alphabetical. Would you be willing to experiment, or offer an option, to sort first by subdomain match and then by A-Z? No passwords seem to be hidden under a 'more menu' today.

dteare

Hello @wjdp,

Sorry, I think I confused you with my writing style in the comment I linked to. What I was covering there was the various ways that we've tried to solve this issue over the past decade and how each solution came with their own challenges. 1Password X today shows items in an alphabetical list.

Overall I'm quite happy with the simple alphabetical sorting. Overall it has solved more problems than any of the other approaches we tried. While I'm not against trying new things, for the time being at least we're going to leave things the way they are. The search in the inline menu works quite well and mostly solves the issue.

With that said, this is indeed a conversation that comes up frequently, both with customers and amongst team members, so I'm sure we will be revisiting this someday.

++dave;