I am an iOS developer, and my app features shared web credentials.
Our website (www.mycompany.com -- not the actual URL) runs a number of applications, many of them on their own subdomain (e.g. dashboard.mycompany.com), and I have my log in credentials for each of those applications store on my 1Password account.
My iOS app's Associated Domains settings contains specifically
webcredentials:www.mycompany.com, but when I'm at the login screen, 1Password suggests me all the other subdomains (in fact, everything under that domain) passwords I have.
The passwords are stored with the correct subdomain, including the
This is something I only noticed after installing the iOS 13 beta. I don't remember seeing this on iOS 12, but I can't be sure.
I'm also not sure if this is something from iOS, which ignores the
www subdomain and only delivers the domain to password manager applications, or this can be better handled by 1Password.
Here's an example of what happens:
Of all of these passwords, only two of them belong to the
Is there anything I can do to limit what subdomains can be suggested?