Irrelevant Passwords Appearing when Hostnames are Similar

Hello,

When I use the 1Password X extension in Chrome and navigate to a specific website (in this case telefilmdev.appiancloud.com), I'm able to see my password in 1Password X available for me to select. However, when I navigate to a different, yet closely-named website (in this case telefilmtest.appiancloud.com), I still see my login available from telefilmdev. Notice that the website hostnames are different (telefilmdev vs telefilmtest), yet very similar. I'm attaching screenshots to better explain.

If I'm on telefilmdev, shouldn't I just be seeing passwords for that particular hostname? In this case, I'm only expecting to see the DEV password when I'm on telefilmdev.appiancloud.com and only the TEST password when I'm on telefilmtest.appiancloud.com. This is causing a bit of a nuisance because I could have many similarly-named hosts and the extension would cause many irrelevant passwords to appear.

Thanks,
David!

On telefilmdev but seeing the TEST password as well

On telefilmtest but seeing the DEV password as well

Showing that my DEV password is associated with telefilmdev

Showing that my TEST password is associated with telefilmtest


1Password Version: Not Provided
Extension Version: 1.15.3
OS Version: OS X 10.14.5
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @david23! Thanks for the question, and the sleuthing. With the assumptions you're making, I'd come to the same conclusions, in fact. :) However, that's not quite how 1Password chooses what to offer you. For the record, that is:

    1. Favorited Logins (these will appear first).
    2. Exact match Logins (where the primary website field is an exact match for the URL of the current page)
    3. Logins which match the FQDN (fully-qualified domain name) - i.e. where both the domain and any subdomain match
    4. Logins which match only the domain name.

    It's that fourth one, ("...match only the domain name") which is the issue here: both are appiancloud.com, so you'll see both. In your screenshots, in fact, you can see that the position of the two is reversed depending on whether you're on the DEV subdomain or the TEST subdomain, indicating this is working as intended. Hope that's helpful. :)

  • david23
    david23
    Community Member

    Hey @Lars ! Thank you very much for the explanation, that makes a lot of sense and is very helpful. Is it possible for me to configure any of this behaviour in the settings? If not, is it be possible to put in some kind of enhancement request?

    We have a large number of clients that use the same cloud platform (with the same appiancloud.com domain name) and the only piece of the FQDN that changes is the hostname. I'm sure you can imagine that the list would grow quite large (especially if I have multiple usernames per site) and it would be nice to be able to configure some of this behaviour to limit some of the clutter. If not, the existing sorting will have to do the trick :)

    Thanks again!

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @david23,

    You cannot configure this in the settings at the moment I'm afraid. But just so I understand: you would like to have a setting to only show login items when there is a perfect match in the URL, correct?

  • BusDriver
    BusDriver
    Community Member

    I have exactly the same functional FQDN issue as @david23, but with the recruiting service Taleo, and several other web services.

    Example; many big companies use Taleo candidate management services, and each company is identified with a different hostname for their service - yet the domain of the FQDN for "taleo.net" remains the same for each.

    There is a whole company's worth of difference between FQDN's "nike.taleo.net" and "starbucks.taleo.net" - and the passwords should be unique as well. Instead, 1Pass sees each new login instance to "taleo.net" as being the same, due to Lars' explanation above, which is not appropriate for the circumstance.

    ag_ana - Yes, I would like to see 1) the ability to force a strict FQDN match for a domain (or not), and 2) The ability to nest or organize multiple logins from the same site/domain.

  • Lars
    Lars
    1Password Alumni

    @BusDriver - thanks for the feedback. :)

This discussion has been closed.