Feature suggestion - domain-level password filling
It would sometimes be useful to have 1Password tee up the login for all pages on xxxx.com domain.
For example, all WSJ.com URLs would have my login saved.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hello @kieran01,
Unless I'm misunderstanding your request 1Password already does this. Let's say the login page you normally use is at
subdomainA.example.comand that is the FQDN (Fully Qualified Domain Name) saved by 1Password in the Login item. 1Password will still consider this a match for any subdomain ofexample.com. If you have Login items saved for different subdomains on a particular site it will favour the exact match where possible. If I've misunderstood please correct me :smile:0 -
@littlebobbytables Ah you are right.
I was trying to read this article: https://www.wsj.com/articles/amazon-google-others-are-developing-private-air-traffic-control-for-drones-1520622925
I guess the solution here is to add https://sso.accounts.dowjones.com/ to the
website 2field0 -
Greetings @kieran01,
That would explain it and I haven't seen that before with their site. In fact their sign in button points to https://accounts.wsj.com/login?blahblahblah but as you note, you're redirected to a very different domain. There are extremely few equivalencies hardcoded inside of 1Password, the one that springs to mind is that icloud.com is part of Apple and as you can guess, we are very cautious about these sorts of things. Adding a second website field will work. Obviously we'd ask people to be careful when doing so, our biggest fear would people becoming relaxed to phishing attempts and editing a Login item to fill somewhere in hindsight that you wish you hadn't but that doesn't seem to be the case here. Instead this looks like maybe the parent company is attempting some consolidation in the backend servers.
0 -
Yes WSJ has been doing a lot of reorganizing...
It's not that difficult to find your credentials anyways, 1Pass has them right there! The second website field works fine for me. Seems it is a low frequency event, and not a feature a (reputable) website would desire.
0 -
Yeah, kind of weird. In general, it's pretty important that 1Password doesn't allow filling at URLs other than the one where you saved the login, to prevent phishing attacks. But you can always add multiple URLs explicitly if you want to allow that. Cheers! :)
0 -
@littlebobbytables I was wondering for quite a time that 1Password filled in my iCloud logins on many Apple sites. So glad, that I found this post where you mention hardcoded "equivalencies". Is there a list of sites that you handle in that way?
0 -
Hi @klaas,
It's a pretty small list and we rarely add to it without very compelling reasons. As a result they're typically big names for the most part.
- Apple: apple.com | icloud.com | me.com
- Microsoft: microsoft.com | live.com | msn.com | hotmail.com | outlook.com
- Amazon: Covers the various country specific domains - an Amazon account works equally well in any country specific version of the site.
- eBay: Similar to Amazon
There are a couple of others but that's the big ones. As I say, we rarely add anything and only when there is a very compelling reason to consider two different registered domains as being equivalent. That reason usually factors in how large the company behind the site is as it's a reasonable indicator of how many of our users may be impacted. I'd say it's also it's somewhat uncommon to find sites that would need to be added as well as not many companies span multiple and distinct registered domains.
0 -
@littlebobbytables Thank you very much for the insights!
As a macOS developer I have to login to a lot of Apple sites and only sometimes to iCloud. So this was always confusing.
0 -
Glad lil bobby was able to shed some light on things (though that isn't completely true of Amazon). We're here if you have any other questions. :)
ref: xplatform/filling-issues#148
0
