Stricting URL matching for subdomains ?

24

Comments

  • justanotherpaul
    justanotherpaul
    Community Member

    I'm in a similar situation here, my company has several distinct products at subdomain1.mycompany.com, subdomain2.mycompany.com, etc, each with different credentials and I would prefer only seeing the ones relevant for the subdomain I'm on.

    I agree the default behaviour is fine most of the time, but I would very much appreciate an advanced setting for users who need it. I'm migrating from LastPass, and there I had the option to tell it not to do subdomain matching for mycompany.com. Not having a similar option in 1Password is a deal breaker, unfortunately.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing your use cases with us @justanotherpaul :+1: We will continue to evaluate how best to address it.

    (And welcome to the forum!)

  • steve28
    steve28
    Community Member

    @Ben No one would be "forced" to use wildcards. I just don't get this response. No "advanced" user ever edits the URL field anyway, so why not allow "advanced" users go in there and put a "*"?

  • ag_ana
    ag_ana
    1Password Alumni
    edited June 2020

    @steve28:

    Thank you for sharing your perspective with us, that is very useful :+1: I can see how this could be useful to you, so we will definitely keep your feedback in mind :)

  • Botts
    Botts
    Community Member

    Fair point @Ben. Explaining 1Password alone is sometimes a lengthy process. Like @steve28 said though, it shouldn't be forced, but perhaps hidden in an advanced field.

    I just noticed it is a way bigger issue on iOS. I've been moving most of the devices I manage from IPs in 1Password to FQDNs, all with the same domain. When I opened Safari and tried to log into page, it brought up a half dozen 1Password suggestions, and since many devices force "admin" as a username, it's a lottery as to whether or not you click the right autofill. You can open 1Password's share sheet and look at titles but that definitely slows things down.

  • @Botts

    We've got our fingers crossed that there'll be some improvements in autofill announced at WWDC that may help us with the second bit. In the meantime, yeah, either tapping into the 1Password UI from within autofill or using the share sheet would be the only way to see titles. The autofill UI itself doesn't have any way to display them.

    Ben

  • chelayel
    chelayel
    Community Member

    I think this option can be implemented in a way that avoids any problem for regular users.
    Simply have an advanced mode toggle in the settings to show/hide strict matching, and when it's enabled, the user can check if they want strict matching based on the URL, maybe a check box next to the URL in the Login page. In that case even if a regular user enables this option, they would have to trigger it per URL.
    Another option would be to allow regular expressions on the URL, only advanced users will know how to use the regular expressions and thus this avoids the hassle for regular users.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for both suggestions @chelayel! :+1:

  • chelayel
    chelayel
    Community Member

    @ag_ana no problem, I really hope that this feature can be implemented soon! :)

  • Unfortunately, while there was a ton of great stuff, I don't know that anything announced at WWDC helps us in this regard. I wish I had more encouraging news, but as it stands I don't foresee this changing.

    Ben

  • chelayel
    chelayel
    Community Member

    @Ben I don't understand how the strict URL matching is related to WWDC. A solution to this should be platform independent.

  • Ben
    Ben
    edited July 2020

    We were hoping for some changes to the autofill UI on iOS to be announced at WWDC. As it stands, we cannot implement "strict matching" without breaking functionality for at least as many if not more customers that rely on it working as it does now.

    Adding preferences is a high bar... to the point that it might as well be a non-starter.

    I'm sorry I did not have the answer that you were hoping for but whenever possible I'd rather not give false hope or false impressions. This isn't something that's on the to do list and doesn't appear to be something that will be added to said list unless there's a significant change in the landscape.

    Ben

  • mouseron
    mouseron
    Community Member

    This issue had been bothering me for a while and finally decided to see if I could find a solution on google, which lead me to this support thread. Disappointed to read the replies from @Ben

    I also manage 1password for a number of users at my company where we have different resources at

    sub1.ourdomain.com
    sub2.ourdomain.com
    sub3.ourdomain.com
    etc

    Due to the way security is implemented, we have different passwords for each one and it's confusing to some users when they see all the subdomains being matched in 1password (even if the closest one is at the top).

    It would be great to have strict subdomain matching.

    Please add me to the number of requests for this feature to be implemented.

    As we grow, it might become too cumbersome to manage this and I may need to look at other password managers.

    Fingers crossed.

  • Thanks for adding your thoughts here @mouseron. This isn't something we're currently planning on doing, but I'll be sure to let the team know of your interest.

    Ben

  • JoeMurray
    JoeMurray
    Community Member

    It would be good if the dates for posts included the year, since I'm not sure if this is a recent or ancient thread.

    I have troubles with 1password showing many logins for all subdomains.domain.tld, when it should from my perspective just show the entry for subdomain1.domain.tld. It makes the product much less user friendly when one is on a website, the browser plugin can't filter usefully down to the entry required so one has to open the app, search for the right entry, then copy the password, go back to the login page and paste. Grrr.

  • Hi @JoeMurray

    It would be good if the dates for posts included the year, since I'm not sure if this is a recent or ancient thread.

    They do, unless the post is from this year. e.g. this is the first post in this thread, which was from 2018:

    My post above was from July 27th of this year however:

    My apologies for any confusion caused.

    I have troubles with 1password showing many logins for all subdomains.domain.tld, when it should from my perspective just show the entry for subdomain1.domain.tld. It makes the product much less user friendly when one is on a website, the browser plugin can't filter usefully down to the entry required so one has to open the app, search for the right entry, then copy the password, go back to the login page and paste. Grrr.

    The list should be sorted based on closest match... so if you're on subdomain1.domain.tld and you have a Login item that has subdomain1.domain.tld on it and another that has subdomain2.domain.tld on it, the former should appear first in the list (unless the latter is marked as a favorite). Not showing the other results at all would significantly hinder usability for those who work with websites where the same credentials work across the entire domain.

    Ben

  • JoeMurray
    JoeMurray
    Community Member

    Almost a reason to switch to other software if no setting is created to turn this on or off.

  • Understood, @JoeMurray. I don't imagine a setting will be created. I hope you're able to find a solution that meets your password management needs, even if ultimately that is not 1Password. I'm sorry for the inconvenience here.

    Ben

  • davidmirv
    davidmirv
    Community Member

    This is a horrible response as 1password seemingly positions itself as an enterprise ready solution. I have 3 domains in my 1p with scores of logins for each that should be able to identify only the ones for that specific URL , then maybe fall back if none were found but this is kind of ridiculous that for foo.bar.com I get all logins for *.bar.com this is an undesired behavior and a major usability issue. At least give us options here.

  • I'm sorry @davidmirv but that is the feedback I'm getting from our development team. I'm not sure I understand the importance of this to you though. Would you be able to elaborate for me? The way this is supposed to work is that the closest matches by URL will generally be shown first. So, if you're on foo.bar.com, yes, results for *.bar.com will be in the list, but your result for foo.bar.com should be the first suggestion. Is that not happening for you? If it is, could you please help me understand what the significance of changing this behavior would be?

    It is entirely possible we're missing something here.

    Thank you.

    Ben

  • davidmirv
    davidmirv
    Community Member

    Yes it works as you described but it does not work well if you want to login to a new subdomain and don't have a login previously saved, I cannot add a new one for that site without going directly into 1P and adding manually.
    Its entirely useless for me to see all of the other subdomains as well. I should be able to have exact matching for some logins, I get why this feature is useful but there are edge cases where it causes major usability issues

  • @davidmirv

    Yes it works as you described but it does not work well if you want to login to a new subdomain and don't have a login previously saved, I cannot add a new one for that site without going directly into 1P and adding manually.

    What is it that prevents you from adding a new login for the site in question here? Unless you are using the same username and password as an existing login, if you have the option turned on (it is by default), 1Password should be prompting you to save these logins.

    Its entirely useless for me to see all of the other subdomains as well. I should be able to have exact matching for some logins, I get why this feature is useful but there are edge cases where it causes major usability issues

    What is the usability issue? I understand there may be a long list of extraneous logins, but if the first results are the closest matches I'm not seeing the problem. Similar to how search engines return hundreds if not thousands of results, but the first are the most closely related to your search terms... it isn't as if you search Google and only get one result returned?

    I'm trying to understand what the core of the issue is here. There may be existing ways to address the issues you're having without crippling this functionality for those who need to use the same credentials across various subdomains. Thank you for your patience in working through this.

    Ben

  • benrifkah
    benrifkah
    Community Member

    I thought I'd mention a workaround (for the OP's issue) that I hadn't seen mentioned on this thread yet.

    When there are lots of items in the auto fill list because their URLs "match", I use the search feature in the autocomplete to narrow down the list further.

    Here's what a founder @dteare had to say about it:

    Now the thing is, what are power users like yourself and I supposed to do on those sites that have tons of logins saved? That's where search comes in. I've used this at least a hundred times on sites that have more than 10 logins and I think it works pretty well. What I love most about it is search is integrated directly with the fill tab so you simply start typing and the list automatically narrows down to those logins which match your search criteria and the current domain that you're on. There's no switching contexts or hot keys required. Simply start typing what you're looking for and 1Password will highlight it for you. And the search includes all the login's URLs as well so there's no need for any special naming conventions, either, which gives another ++ to the simplicity of this entire approach.

    You can type anything from the 1Password entry title, url or username, and possibly other fields and items that don't match will drop off the list.

  • A great point @benrifkah. Thanks for sharing! :)

    Ben

  • fgrau
    fgrau
    Community Member

    I don't see how offering the possibility of wildcards would compromise your goal of becoming more approachable - it doesn't need to be advertised, just needs to work and be documented in the help. No beginners would find it/be confused by it.

    Would be a great help for me as well (usual use case: enterprise with a lot of different test environments).

  • ag_ana
    ag_ana
    1Password Alumni
    edited October 2020

    @fgrau:

    Thank you for chiming in on this as well, and for specifying your use case. I have added you to the list of users who would find this feature useful :+1: :)

    ref: dev/projects/customer-feature-requests#31

  • ag_ana
    ag_ana
    1Password Alumni
    edited October 2020

    @zachel:

    Thank you for the feedback! Generally, our bar is quite high before we add a setting to the advanced section of the app (if you look around on the forum and see the requests for new settings that are regularly posted, you will see that we cannot add everything as a setting ;) ), but I also see how handling subdomains this way would be better for you. I have also passed your feedback to the developers for consideration :+1:

    ref: dev/projects/customer-feature-requests#31

  • Stevoisiak
    Stevoisiak
    Community Member

    Seconding support for strict subdomain matching. It's sorely missed after switching from Dashlane.

This discussion has been closed.