Stricting URL matching for subdomains ?

Comments

  • ag_tommy
    edited October 2020

    @Stevoisiak

    Noted, and thank you for sharing.

    ref: dev/projects/customer-feature-requests#31

  • jv408
    Community Member

    +1 to requesting strict subdomain matching. This would make 1Password so much more useful for my day to day work.

  • fe2516
    Community Member

    +1.
    I have more than 20 subdomain URLs for different internal services in my workplace.
    Strict subdomain matching would be very much appreciated.

  • tomcoonen
    Community Member

    +1, This should at least be an option... Please take action on this.

  • chrispiner
    Community Member
    edited November 2020

    Having just started testing 1Password as an alternative to LastPass, this is an absolute nightmare.

    Working from Safari on a Mac is usable as you can see the site title and select, but, every single login for domain.tld shows on iOS, and for accounts using an email address, there is no way of knowing what you're choosing without first trying one. It doesn't then help next time as you have to remember where in the list it was (erm..), and to further compound the issue, it also suggests an entry which in no way matches the site you are on.

    In contrast, LastPass shows you the subdomain.domain.tld so you can select the right one.

    Is 1Password aimed at a non-technical audience, and as such why it doesn't match for subdomains? This seems like a huge oversight and renders autofill on iOS entirely useless; I may as well be opening 1Password and copying from it each time.

    Chris

    PS: Might I also add that iOS helpfully reorders the list based on the last selection, so the one you selected now moves to the top so you end up with a bunch of 'admin' logins at the top, with nothing to distinguish them :sweat:

  • diiickie
    Community Member

    I couldn't have said this any better than chrispiner above. Love 1Password and on the Mac it's useable with the subdomain issues but on iOS it is hindering the experience. Having to open 1Password every time when iOS has built-in functionality with password managers seems counterintuitive. I understand the point on making a password management app simple for the masses as more people need to get on board with it but I don't see why that would mean advanced options for "power" users couldn't just be hidden for us to enable when required.

    I want to put 1Password in for my IT team's use of passwords but this is one area which will be a nightmare as all of our internal services use our company subdomain and have differing credentials.

  • RichL
    Community Member

    I've also stumbled upon this thread while looking for this feature. I'm a long-time LastPass user but wanted to switch to 1Password due to a better reputation, but in the current state I cannot use it.

    I've seen multiple replies stating that "Exact Match" entries are listed first, and while this is true for the Windows app and Chrome Browser extension, it is NOT true on the Android app - there is no grouping of suggestions like in the desktop apps. The sorting appears to be alphabetical based on site name, which meant for me that the exact match credential I was looking for was displayed at the bottom of the list.

    I also understand the reluctance to add a feature which would change the existing behaviour for other users, but as others have pointed out, the current behaviour would be unchanged. Indeed in LastPass (the only one I'm familiar with) the setting is buried fairly deep but behaviour for anyone who doesn't venture to that section is unchanged.

    I appreciate that by the looks of things this isn't going to happen anytime soon (if ever) but unfortunately this means I cannot switch, as I have many subdomain sites which I access on mobile.

  • atothek
    Community Member

    Is "strict subdomain matching" what would enable the following to be handled by a single password entry?

    https://server1.domain.com
    https://server2.domain.com

    I have literally hundreds of subdomains part of several LDAP domains (maybe 5). It would be a lot of effort to add all the URLs individually to the separate password entries and I don't want hundreds of password entries for the same password (with only the URL different).

  • aurelia
    Community Member
    edited January 2021

    It's not like you didn't already implement the public suffix list for this (which you haven't pulled in ages, this should be a routine maintenance release task - this is quite close to being a security bug).

    Why is it so hard to let the user add some domains and then merge that into a list the client uses? The use case seems to be "I want a handful of domains to be separately matched" and not "I want all separately matched" after all.

  • FaeTheWolf
    Community Member

    +1 for some sort of strict-matching, whether it's an option toggled individually per saved-login, or a global option in the "advanced" settings.

    I thoroughly agree with earlier commenters that it seems completely asinine to claim that adding an option somewhere to enable this would make the app "less approachable". I absolutely agree that there are users who would be utterly confused by strict matching being the default mode—but it makes no sense to completely eliminate the options, especially when it used to be an available setting!!! Whether you call them "power-users" or "business clients", there are clearly many people who suffer from this choice, especially in the current work-from-home climate.

  • NebbyWan
    Community Member

    Just wanting to add my +1 here; a per-password tick box making it strict would be amazing.

  • Werner85
    Community Member
    edited February 2021

    +1 from me, I can't understand why something like this still has not been fixed. 3 years have passed since the first post... And it's not that just one person requested this feature.

  • andmade
    Community Member

    RichL’s point about the lack of consistent sorting as evidenced on Android (and refusal to change it) was so annoying, I had to do stupid name shenanigans to get my most used to show up first.

    Anyway, I’m sorry but Ben’s point about not wanting to explain subdomain matching and wildcards to his grandma doesn’t hold water. You could EASILY have the current method be the default and have an advanced config for the many who have clearly and repeatedly demonstrated a need for it.

    Advanced users are the ones who are ultimately asked for recommendations on what software to use and yet 1P rebuffs ideas to make using your software easier for them at every turn. Like fe2516, my workplace has a bunch of internal/subdomains with different credentials and 1P shows the logins for all 15 of them every time. It’s ludicrous.

  • helmut86
    Community Member

    Please fix it. We are using a lot of subdomains with different accounts.

  • fabiopedrosa
    Community Member

    +1 don't see why this can't be exposed as an "advanced setting". not unless you don't care for the users' input.

  • chrishamilton
    Community Member

    We just signed up for a corporate account but I never imagined something this basic would be a limitation. I wish I would have known there was no interest in fixing this issue before we went through the training and set up a bunch of users.

  • nick001
    Community Member

    +1 from me as well. I switched from McAfee's True Key to 1P. While it's off by default, True Key allows you to turn on strict sub-domain matching for each login. We have multiple tools/environments at work using different subdomains. While a few use the same authentication, most do not.

  • faffe
    Community Member

    This is just about the first thing you notice about 1Password as a power user: what an ungodly mess of logins you have to sort through on some sites.

  • iHavoc
    Community Member

    I really want to switch to 1Password from LastPass because of the recent trackers found in LastPass but not having this option is a no go migration for me and the company I work for. I honestly can't believe how hard they are pushing back on a part of the product that is obviously broken for so many. If they will say they will change this in next 6 months I will consider, but until then looks like I will have to look elsewhere.

  • gembrain
    Community Member

    I cannot understand why 1Password are not taking this on board. I just spent a frustrating couple of hours with my 80 year old Father-in-Law on iOS. Bt.com, with millions of customers, have different passwords for different sub domains - so shop.bt.com is different to bt.com. He has both and iOS 1Password doesn’t distinguish. In the list of choices it just says bt.com twice..... This is no fancy setup, a basic user. At least make it clear for selection which one is which by displaying the subdomain! Sorry, love 1Password, but this isn’t good enough.

  • reub
    Community Member

    I don't wish to be rude as it seems the product support have been engaging openly on this despite the disappointing lack of resolution. But I do wish to add my voice to the number of users who are quite frustrated by this behavior and ask again that it be prioritized. As others have pointed out, this can be done without causing confusion to novice users, is affecting a substantial segment of logins (subdomains) and is clearly impacting many users. That there may be technical limitations on some platforms is understandable but it seems instead that user experience is the primary reason 1Password has decided not to address this. Please reconsider.

    I was unaware of this thread when I posted a more specific rationale here earlier this year

    One specific follow up comment to @Ben: You've stated that the best match should land first and asked how that is not sufficient here. I can't speak for others but, for me, in the (hopefully) quick interaction with 1Password I think there is a human factors impact when a single match is returned vs a list. A single match feels much better and is quicker and easier for the brain to process. There's secondarily the notion that having incorrect (or fuzzy) matches listed cues the brain to go validate the vault data despite it being correct. I hope that's helpful.

  • GsMumbo
    Community Member

    How is the support here this out of touch? It's one thing to be honest about the future plans of your product. This isn't on the road map, and unfortunately it's already been dismissed as a future addition. Done.

    Reading through this thread though, the main support member is actively trying to downplay people's feedback. This issue is real, there are plenty of people here stating so. There's no need to try and convince the impacted customers that their experiences don't matter. That's horrible support, and this thread should be reviewed internally to retrain the support members around empathy, and handling feedback constructively. Note - that doesn't mean actually implementing a fix, it means being able to manage expectations while properly handling your community with care. That's very clearly not happening here.

  • herdl
    Community Member

    +1 from me.

    Having just migrated from LastPass I'm disappointed by this missing and what I consider to be essential feature. What's even more disappointing though is the lack of desire to add this to the roadmap despite the number of people this is affecting. Not a great start.

  • ericroch
    Community Member

    I would also like to add my +1 to a toggle for stricter matching. This thread opened with a suggestion to disable a checkbox in Settings to enable this behavior, and when it was pointed out the setting was removed, Support said that the default and only behavior now is having that old checkbox ticked. That directly breaks the suggested resolution to the original problem!

    @Ben, you've mentioned several times that the behavior now should be that closer matches are sorted above more general matches (and below favorites). This is not my experience though with the latest version on MacOS. I have logins for example.com across two vaults: personal and work. My personal vault has one login for id.example.com which is favorited. My work vault has logins for sub1, sub2, sub3-ext, etc, none of which are favorited.

    When filling a password on sub2.example.com, I would expect to see id.example.com, sub2.example.com, sub1.example.com, sub3-ext.example.com, in that order. Instead what I see is that everything below the favorited item is simply presented alphabetically, not based on the subdomain matching.

    I think the closest-match-sorted-to-top strategy is sufficient, if not ideal, if and only if it works correctly and reliably. You've stated how you won't add the advanced feature because it will confuse new users and would be hard to support. Well I argue that you've put yourself in that situation anyway with this implementation, as there are clearly a lot of people (likely many more than chose to comment on this thread) who are looking for a way to have "strict[er] URL matching for subdomains" and are confused by the broken sorting. And if you chose this route because it is "easier to support" than strict urls, but still have bugs in it, then perhaps you need to re-evaluate the resources devoted to this feature, and how much alternative solutions would cost.

    (Note, I use "you" in the general sense to refer to 1Password the company and the engineering team as a whole. Don't take personal offense to the above.)

    I really enjoy 1Password and will probably keep using it despite this friction, but it is really frustrating to be presented with irrelevant autofill suggestions so frequently, and then be told over and over "we are not going to look at this as a feature" in the support forum. @ag_ana's responses feel a little canned and "customer support-y", and I know they provide no more of a promise than your responses, but they at least don't shut down the possibility and make it look like 1Password is ignoring the desires of users. We all know "Thanks for your suggestion, we'll be sure to consider it for a future release" likely means it's going nowhere, but it's still nice to hear.
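
The user-supplied domain list suggested in aurelia's comment and the ordering ericroch expected (favorites, then exact host, then the rest) can be sketched together as follows. This is an added example, not 1Password's code or anything posted in the thread; the suffix list and vault entries are constructed, and `suggestions`, `registrableDomain` and `userSuffixes` are hypothetical names.

```javascript
// Added example. Constructed data: a tiny stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = ["com", "uk", "co.uk"];

// Constructed vault entries mirroring the hosts named in the thread.
const LOGINS = [
  { title: "id",       url: "https://id.example.com/",       favorite: true  },
  { title: "sub1",     url: "https://sub1.example.com/",     favorite: false },
  { title: "sub2",     url: "https://sub2.example.com/",     favorite: false },
  { title: "sub3-ext", url: "https://sub3-ext.example.com/", favorite: false },
  { title: "shop",     url: "https://shop.example.co.uk/",   favorite: false },
];

// Registrable domain = longest matching suffix plus one label to its left.
// Returns null when the host is itself a suffix or no suffix is known.
function registrableDomain(host, suffixes) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {      // i = 0 tests the longest candidate
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// userSuffixes (hypothetical setting): domains whose subdomains must not share logins.
function suggestions(pageUrl, logins, userSuffixes = []) {
  const suffixes = new Set([...PUBLIC_SUFFIXES, ...userSuffixes].map((s) => s.toLowerCase()));
  const pageHost = new URL(pageUrl).hostname;
  const pageDomain = registrableDomain(pageHost, suffixes);
  return logins
    .map((l) => ({ ...l, host: new URL(l.url).hostname }))
    // An exact host always matches; otherwise both hosts need the same registrable domain.
    .filter((l) => l.host === pageHost ||
      (pageDomain !== null && registrableDomain(l.host, suffixes) === pageDomain))
    // Order: favorites, then exact host, then alphabetical by host.
    .sort((a, b) =>
      Number(b.favorite) - Number(a.favorite) ||
      Number(b.host === pageHost) - Number(a.host === pageHost) ||
      a.host.localeCompare(b.host))
    .map((l) => l.title);
}

console.log(suggestions("https://sub2.example.com/login", LOGINS));
console.log(suggestions("https://sub2.example.com/login", LOGINS, ["example.com"]));
```

With no user entries the four example.com logins are all offered, in the order id, sub2, sub1, sub3-ext; adding `example.com` to the user list leaves only sub2, while a deeper host such as a.sub2.example.com still matches it.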

  • 1passer
    Community Member

    Hit this issue today with a user. Much earlier in the process, when going to a new subdomain for the first time on a desktop browser, it would be great to have the create new login/password in the password suggestion box directly in addition to the update existing login. So the user can choose if the subdomain requires its own entry. That said sorting for most likely match is ok but not the best for now.

  • reub
    Community Member
    edited March 2021

    While this issue is frustrating, it's much more disappointing that 1Password has not responded to numerous thoughtful and constructive comments pleading for a resolution over the last five to six months. I've been a big fan of this software since very early days and happily moved to the subscription model even after paying for a lifetime license preceding that. This is the type of engagement with users that makes me reconsider alternatives. I hope 1Password will consider this and listen to the feedback on this thread.

This discussion has been closed.