how do i get 1password x sub-domain matching to select the right login?

matty666
matty666
Community Member
edited February 2021 in 1Password in the Browser

I have a number of sub-domains on a server, and whenever i visit them 1 password x has a list of all the matching domain logins, but suggests ones that don't match the sub-domain, some of the time.

some of the sub-domains do get suggested correctly and some don't. are there any tricks to getting the suggestion to match for each sub-domain?

the main urls i use are the first website url in each login


1Password Version: Not Provided
Extension Version: 1.23.1
OS Version: windows 10 20H2
Sync Type: Not Provided
Referrer: forum-search:1password x url matching

«1345

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @matty666!

    1Password will suggest all Logins that match the domain, regardless of the subdomain, so this behavior is by design. However, it should show the ones that match the subdomain as well at the top of the list.

    the main urls i use are the first website url in each login

    Can you please elaborate? Do these logins have multiple websites fields?

  • matty666
    matty666
    Community Member
    edited February 2021

    Yes, so each sub domain on the server is accessible via the sub domain, and via the same ipaddress and a different port... and also there are others servers that have different up addresses and subdomains that also don’t suggest the right login

    I will make an example later to explain

  • ag_ana
    ag_ana
    1Password Alumni

    Understood @matty666, thank you!

  • matty666
    matty666
    Community Member
    edited February 2021

    Lets say i have this set up:

    login 1
    http://sub1.domain.local
    http://192.168.0.1:6666
    favourite
    
    login 2
    http://sub2.domain.local
    http://192.168.0.1:7777
    
    login 3
    http://sub3.domain.local
    http://192.168.0.2:5555
    favourite
    
    login 4
    http://sub4.domain.local
    http://192.168.0.3:5555
    

    If i go to http://sub1.domain.local 1password is suggesting login1, however when i go to http://sub2.domain.local, it suggests login 3, as does going to http://sub3.domain.local and also http://sub4.domain.local

    could it be due to the favourites? actually it does seem to be that, i added login2 to favourites and now when I visit http://sub2.domain.local it suggests login2 as the first login

  • matty666
    matty666
    Community Member
    edited February 2021

    I just added all my logins for the sub-domains to favourites and now it's suggesting the right one for each... seems like favourites take precedence over sub-domain exact match

  • ag_ana
    ag_ana
    1Password Alumni

    @matty666:

    That's correct: 1Password matches at the domain level, not at the subdomain level, so adding something as a favourite will bring it to the top of the list for a certain website :)

  • ReynHartono
    ReynHartono
    Community Member
    edited June 2021

    Hi,

    Sorry for replying to this old thread. But I'd like to add something regarding this issue.

    I'd really love it if you can implement this feature to match the full FQDN, not just the domain name. Sometimes we've got many different apps with different login credentials on the same domain. It is very frustrating just to find the correct credentials. Personally, I've got more than 20 logins on the same domain (with different subdomains on each credential).

    I understand it might be easier for some users if 1Password matches at the domain level. So, I think it'd be really helpful if you can implement this as a toggle.

    I don't know if this is the same feature, but is this removed or something?
    https://1password.community/discussion/comment/299563

    Edit: Just came upon this thread and it looks like you guys are not going to implement this?
    https://1password.community/discussion/87028/stricting-url-matching-for-subdomains

    Thanks for your help!

  • kaitlyn
    kaitlyn
    1Password Alumni

    Hey @ReynHartono 👋

    No worries on bringing up an old thread! That's why they're here. I appreciate you doing some research ahead of time. :)

    I'd really love it if you can implement this feature to match the full FQDN, not just the domain name. Sometimes we've got many different apps with different login credentials on the same domain. It is very frustrating just to find the correct credentials. Personally, I've got more than 20 logins on the same domain (with different subdomains on each credential).

    1Password should be matching the FQDN as the very first match unless Favorites come into play. The exact match (FQDN) will appear first, then domain name matches will appear below. I used the releases.1password.com page as an example. Items with a domain containing 1password.com do appear as matches, but my releases.1password.com appears first.

    Is that the same experience you're having? Are you simply not wanting to see domain matches as well, or is it hindering you from filling the way you'd expect?

    Let me know, I'm here to help!

  • thej0k3r
    thej0k3r
    Community Member

    I can comment on this and why the feature is extremely important for some corporate use cases.

    I work for a SaaS cybersecurity software company where we have multiple customers that we support. Each customer has a domain with their name in it so it is easy to remember (e.g. https://customer1.domain.com). Now if I want to store support account logins or other logins for those domains, I cannot reliably do that without exposing Customer1 to Customer2.

    When doing a demo or troubleshooting I get a dropdown of every login I have saved for that domain, instead of the sub-domain, with the customer name in the login title ("Domain - Customer1 Support Account") that I have saved.

    So right now, for me and most likely quite a few others, 1Password is a hard sell for the corporate use case where customer privacy is paramount and we need to login to systems while the customer is on a screen share. For personal use, it is fantastic and the family loves it.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the use case @thej0k3r, I have sent your message to the developers as an additional example of where this would be useful :+1:

    ref: dev/projects/customer-feature-requests#31

  • y1_anton_boritskiy
    y1_anton_boritskiy
    Community Member

    +1 here for corporate use case. Same here, I work in an agency supporting mutlitple customers. And most of our systems are running on the same domain, but there is a customer specific sub-domain like it was mentioned above
    https://customer1.domain.com
    https://customer2.domain.com
    ...

    we also have cases like
    https://domain.com/customer1/
    https://domain.com/customer2/
    ...

    it would be cool to have additional field on the 1password entry which would work as regex match for FQDN or better the full URL if provided.
    This way family users won't be affected - they can ignore the new field and corporate users will be able to better match the accounts.

  • Thank you for the feedback @y1_anton_boritskiy, I've added your voice to the issue as well. :+1:

  • bs87racer
    bs87racer
    Community Member
    edited November 2021

    +1, same use case. Many subdomains, each have different credentials and shouldn't mix. I see the closed thread on this basically saying there's no way to accomplish this without impacting the experience. This is very close minded and as someone trialing 1password as a potential Lastpass replacement (that has this feature), this is not a good first impression.

    This is a very simple request that can be accomplished without any impact to "non-power users". Just add an option in the "suggest in browser" dropdown to "only suggest on exact subdomain match".

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @bs87racer ,
    Thanks for chiming in here.

    You might find the suggestions I wrote in this post helpful: https://1password.community/discussion/comment/619241/#Comment_619241

  • cmh716
    cmh716
    Community Member

    I agree with the comments in this thread. Most developers who uses Docker with containers that use bridge networking will have many URLs, all with the same IP address but different port numbers. You’re forced to do one of three things.

    1. Maintain the same userid and password on every service to have a single entry in 1password . Insecure and not possible.
    2. Navigate a potentially lengthy list of passwords and manually choose the correct one.
    3. Change your entire docker environment to use MacVlan instead of bridge to assign every container a unique IP address. This isn’t possible on Mac and Windows since only linux docker supports macvlan.
  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for the additional thoughts and input @cmh716 !
    We hope to improve and expand this feature in the future :+1:

  • mduchev
    mduchev
    Community Member

    +1 on that. That is a must-to-have feature!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the feedback as well @mduchev, noted!

  • 123xyz
    123xyz
    Community Member

    Definite +1 for this - very very important for website developers and many others that have subdomains. It's really annoying to have a huge list popup, and there should be a simple checkbox in the 1password dashboard that says "Match passwords based on Subdomain only". It's not too complicated to add this feature from a development standpoint.

  • ajahn
    ajahn
    Community Member

    Add me to the list. Support for subdomains would be a great feature.

  • ag_ana
    ag_ana
    1Password Alumni

    Both noted, thank you!

  • tabilo
    tabilo
    Community Member

    The subdomain handling of 1Password is really not optimal. I have a similar issue with local domains, for which I have to handle up to 20 logins under different subdomains. Please add a proper matching

  • Hey @tabilo:

    I've added your feedback to the above, thank you!

    Jack

  • jameschoco
    jameschoco
    Community Member

    Also voting for this as a great feature for IT, and anyone hosting multiple services on a single (local) domain.

  • Hey @jameschoco:

    Added you to our list as well, thank you very much! :smile:

    Jack

  • kobs
    kobs
    Community Member

    This behavior is not suboptimal it is highly dangerous. If you buy products on shop.wordpress.com and you save your credentials in 1P and next time you are mistyping the url and you are on shot.wordpress.com ( might be a fishing site) 1P will just fill in your data. This is not only a feature we would like to have - this makes 1P just a dangerous tool with a real design flaw. And you know it since years and did not fix it.

  • Hi @kobs:

    Thanks for your feedback here on this. We do use the Public Suffix List to determine when credentials should be shared across sites. In the case of the example you provided, I'm not sure if you were using wordpress.com as an example, or a specific set of sites where you've run into this concern. I've brought up the issue of wordpress.com not behaving as expected, as I was able to replicate this behavior. Additionally, I've added your feedback on improved domain matching as a whole to the issue I've referenced above. Thanks again!

    Jack

    ref: dev/core/core#12421

  • simihomer
    simihomer
    Community Member
    edited January 2022

    Hi, I would like to add the perspective that the fact that favorites are listed at the top, ignoring subdomains, is a bug.
    1. If there is a password that matches the exact FQDN, it should be shown ahead of any favorites that match fewer parts of the FQDN.
    2. If there are two favorites that match the registered domain and one of them matches the FQDN, then the latter should be listed at the top
    3. If I always pick the same out of two entries that differ in user name, I would expect 1password to learn which entry that is (in this case, simi@FQDN) and list it ahead of others, e.g. admin@FQDN (based on frequency and recency, a.k.a. frecency) – but I admit that this one might appear like rocket science compared to the first two

  • Joy_1P
    Joy_1P
    1Password Alumni

    @simihomer Thanks for your input on this! It definitely makes sense to sort Favorites by subdomains. I have shared your feedback with our developers. Hopefully they will be able to improve on this in the future.

    Please let us know if you have any additional feedback or questions!