Multiple Login's But One Password

13»

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for chiming in on this too @Rob Raymond, I have let the developers know that you would also find this useful :+1:

    ref: dev/projects/customer-feature-requests#16

  • cdowning
    cdowning
    Community Member

    I'd like to add my +1 to the multiple usernames with the same password… request. There have been some good 'workarounds' suggested in this thread and also here: https://1password.community/discussion/comment/465284#Comment_465284

    However they're all time consuming and not proper solutions. Similar to Rob Raymond the school I work at (1500 users) has systems that require:

    • domain\username
    • username
    • username@domain.com
    • username@fqdn.domain.com

    So for the 1P devs & their working out what to prioritise… that's a +1500 ;) .
    It affects all our 1500 users having to change up to 4 login items every 90 days and that's 1500 users that have to ignore WatchTower's Reused Password section.

    I appreciate that the seemingly simple idea of linking groups of URL's to one of several usernames in a single login item has implications for 7 different 1Password apps now, but I think this frustration and the various work-arounds are going under-reported to your dev team. I think this is affecting more users than you think it is.

    As SSO and password-hash-sync become more & more pervasive, having 1Password be the first to support this common enterprise scenario will give you a clear market advantage.

    Just my 10¢ worth :)

  • ag_ana
    ag_ana
    1Password Alumni

    Noted @cdowning, thank you :)

  • mikmart
    mikmart
    Community Member

    Just a +1 from me also. I'm using the workaround of separating the multiple usernames to logins without passwords, and using a separate password item without a username to fill the password separately. It gets the job done for now, but it would be nice to have this use case properly supported, too.

  • Thanks, @mikmart. We've taken note of the request, and appreciate your feedback! 🙂

  • palendrance
    palendrance
    Community Member

    Multiple logins with a single password would be a very good feature to have. I understand why it might be difficult to consolidate all of the username variations into single login item. There just aren't many good ways to make a useful UI for handling that kind of functionality. Not to step on anyone's toes, but UX is my background and I do have some suggestions for ways to go about that.

    1. Keep single username the default, but allow adding username fields. All logins should default to using the first username. Under Websites and Linked Apps have a checkbox for "Use a Different Username". When checked, a dropdown menu us revealed below/beside to select which username should be used. Usernames may need some sort of UUID or other identifier in the background to maintain references if the order/name changes. If a user tries to delete a username that's in use, either a warning will need to be displayed or the override username field will need to be reset. This is probably the most work, but the most cleanest and usable UI overall.

    2. Add a new SSO item type. The SSO item has all of the same fields as login, but you add multiple logins (though the password is global and at the top). Each named login section has fields for username, website, and linked apps. Ideally each named login section should allow multiple websites and linked apps, but it could be acceptable to use the SSO item like a sub-vault and have a separate login for each website/app. This may or may not be easier for you to implement than option 1, but it isn't quite as nice and clean as the first option.

    3. Add a linked field option for the password field. A user selects "Link Existing Password" from the ellipses menu next to the password field, then selects the entry that the password should inherit from. After that, it should show inherited from next to the password. It should either block manual editing of the password field, or update the linked entry's password upon edit. Depending on your structure, this is probably the easiest one to build out and the most extensible, but it's a bit sloppy and not as friendly to less advanced users. This is also probably better than option 2 if you are only able to do sub-vaults.

  • Blake
    edited August 2021

    Hey @palendrance!

    We definitely appreciate you taking the time and effort to leave the extensive and detailed suggestions here!

    As you mentioned, this is something that's certainly a difficult task to undertake, but I do totally understand how this could help folks in some workflows.

    I've gone ahead and added your voice to the internal issue that we've filed with our development, alongside the feedback you've left here! 😊

  • wizofoz
    wizofoz
    Community Member
    edited August 2021

    I would like to support the above requests, of linking same e-mail/password credentials to numerous URLs. This would also help with my corporate account (even though we are using SSO), as well as it applies to my university account.

    I'd also like to add another detail for consideration, pls:
    over the years, I have aggregated many URLs with the same e-mail/password credentials. For both work places, I have 15-20 different URLs, that share the same password, and Watchtower constantly reports this as an issue. I would like to clean this up, in a user-friendly way:

    E.g. I would dream of 'consolidating' those individual logins, by
    1. listing them all in a column (by doing a search on 'userxyz'),
    2. selecting them all (by shift-click on all entries)
    3. merging those multiple entries into one new login, that holds: userxyz/password - AND all those URLs from the previously selected entries, within that new login (as separate URL fields, instead of me manually updating those URLs). - That is new new feature we need!)
    4. going forward, I could use the same userxyz/password for all those URLs. When prompted by my corporate security, I would then only have to change one password for all the SSO sites - and I'd be done!

    Hope that helps and I could make my request clear enough.

    Thanks for considering this request, which would make our lives certainly much easier with 1password, which already is a great product!

  • ag_ana
    ag_ana
    1Password Alumni

    @wizofoz:

    I would like to support the above requests, of linking same e-mail/password credentials to numerous URLs.

    If all of these items have the same email and password, as you write, you can already do this by adding multiple URLs to the same login item. Currently this needs to be done manually by adding the URLs to an entry though, so I certainly can see how it would be useful to have a "consolidate" command :+1:

  • wizofoz
    wizofoz
    Community Member

    Right, I understood that I can already do this manually.

    Yet, whenever I want to login to a new URL with that same email/PWD combination, on the same (corporate) domain, I have to create a new login first, before I can edit it or 'append' a new URL to an existing one. The suggested manual consolidation can only happen afterwards. And that is a bit of a painful process, doing many steps manually.

    That's why that consolidate feature would really be useful. Alternatively, it would be nice to append a new URL to an existing login, as part of the 1password plugin in my browser.

    Thanks for bringing this fwd! 👍🏻

  • benmattison
    benmattison
    Community Member

    @wizofoz If it's the same username, the same password, and the same domain, you should be able to log in on any URL without making any changes. Try changing the URL in the login to just domain.com.

  • wizofoz
    wizofoz
    Community Member

    Thanks for your suggestion, @benmattison .

    Technically its always a different subdomain, so this would not work.
    e.g with my university it would look as follows (examples):
    http://LIBRARY.domain.com
    http://STUDENTS.domain.com
    http://TEACHERS.domain.com

    Beyond that, some domains use the same credentials, but would even have a completely different subdomain/domain structure.

    Looking fwd to anything like the consolidation feature as above.

  • benmattison
    benmattison
    Community Member

    @wizofoz I work at a university too, and that's exactly my setup! Try putting in domain.com and ignoring the subdomain and see what happens.

  • ag_ana
    ag_ana
    1Password Alumni

    That is a good suggestion: since 1Password works at the domain level for matching credentials, this will work even if the subdomains are different or removed completely from the URL :+1:

  • disi
    disi
    Community Member

    Hey everyone,

    i've read through all of this topic which is quite interesting. I want to suggest the following for "solving" this kind of problem:

    Make it possible to "link" items regarding something like:

    I link a password together but not the username, which resolves at watchtower as this is "one big item" kinda stuff.

    This would basically allow to how multiple OTP, Usernames, E-Mails etc. with the same password. This shouldn't be a big change to make and could help with this issue?

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the suggestion @disi! We don't know yet how this would look like, but I know that this is one of the options that our developers have been discussing :+1:

  • aliminat0r
    aliminat0r
    Community Member

    This also applies to E-Mail (POP/IMAP) credentials and the corresponding webmail login...

  • ag_ana
    ag_ana
    1Password Alumni

    Correct @aliminat0r :+1:

  • vivi1232
    vivi1232
    Community Member
    edited January 2022

    Hi, I also want to add that I also have the same problem that everyone else has referred to, except it's for school. I use 1password for personal and for school. For school, I usually have to log in with my school email: name@school.edu OR sometimes use my ID#.

    Yes, I can see that many people have posted those long (and some have said), rather cumbersome, workarounds OR I could just accept that I might have that "Duplicate password" warning forever and just try to ignore it...

    BUT I think all of us would really love it if 1Password would finally do something about it, whether that is allowing us to link the accounts so that they can be ignored, OR allowing us to remove some of the logins from the Security Audit (probably most preferred so that people can have more flexibility with it). Other password managers have that function and I miss being able to do that.

    I also go to a SUNY school, which means this could be a problem for any SUNY student, faculty, or employee, across the whole state of New York (probably tens of thousands of people) and it would be in 1Password's best interest to fix this problem for the thousands of current and future/potential employees/ students/ users they would like to add.

  • Hi @vivi1232:

    Thanks for your feedback here! I've added your input to the issue my colleagues have mentioned above. :smile:

    Jack

  • jh125486
    jh125486
    Community Member

    Any update on this multi-year long issue?

    The URL spec in RFC3986 allows a username (in userinfo) as I recall. Could that just be used?

  • Hi @jh125486:

    Nothing to share just yet, but I'll add your thoughts to our internal issue on the subject.

    Jack

  • BGuffey
    BGuffey
    Community Member

    Hi all - just chiming in here to say that this is something that would be extremely helpful for me as well. We use Okta which creates this same problem.

  • potentialSwitcher
    potentialSwitcher
    Community Member

    Hi everyone, thinking about switching to 1password from KeePassXC. But having the ability to reference the same password for different entries is a killer feature for me.
    I have an SSO login in my org. Some sites use email/password (covered by the current 1pass version), and some use username and password. And every 3 months, I should change my password.
    I partially like how this use case covered in KeePass - every entry has a unique UUID and you can reference any field you want by a field code and entry UUID. Every 3 months, I change the password for only one entry, and this change is populated to others.

    Have you come up with some solution yet? I really like the UI and the CLI client. But I can't live without this tiny but so-needed feature. I recently changed the org, where 1password is required. But it looks like such essential use case isn't covered. Change 7 entries every 3 months is a PITA.

  • potentialSwitcher
    potentialSwitcher
    Community Member

    FYI this is how it's done in KeePass. Maybe you can find inspiration there - https://keepass.info/help/base/fieldrefs.html

  • Hey @potentialSwitcher:

    Handling SSO is a situation we'd definitely like to improve on. While I don't have anything specific to share just yet, this may be informative: A vision of the future with 1Password

    I found that storing my corporate Login as jackp@example.com, and then filling that Login and editing as necessary to sign into places where jackp or example\jackp was expected worked best for me.

    Jack

  • NetMage
    NetMage
    Community Member

    It is a shame to see there was time to completely rewrite the iOS app from scratch (tone in many ways worse) but not to resolve the shared credentials for multiple sites issue in the last three (five? six?) years. Which I have as well, in an enterprise domain environment with AD or email username being used for multiple sites and services.

  • DJ001
    DJ001
    Community Member

    One more request for handling shared credentials. 5 years this month since this thread was started. This must not be a very popular feature request...

This discussion has been closed.