Exact URL matching



  • Hi @wiserweb,

    As a developer I'm sure you understand that for there to be any hope of change we need to understand how the current approach fails. If I were to go to the developers and say you're unhappy with the current UI and consider it bug and offer nothing in the way of detail or explanation the best I can hope for would be a "duly noted" and nothing more. I couldn't blame them either because the argument is too vague.

    As it stands 1Password displays all matches to the registered domain name. Matches to the FQDN and any items flagged as a favourite are elevated to the first section and the rest below in a section of related items. Exceptions to this are based on the Public Suffix List. Given FQDN matches are always elevated above related matches what is it about the current UI that is impeding speedy identification of the desired Login item?

    I do feel it's worth pointing out that 1Password has always made related items available, previously there were hidden behind a first level menu item titled Show xxxxx more items, all we're doing now is making them a bit more visible in the default view because the Suggested Items is a first level menu option now. The one option that altered 1Password's behaviour was removed because quite frankly it caused more hinderance than good so for the greater good it was removed and I'm not sorry to see it go. We can't simply add more configurable options whenever there is a request, not even if we cheat and hide behind the word Advanced. The more options you throw in the more it risks becoming unwieldy and as it stands the learning curve is too steep for many people (which is on us to correct).

    My intention is not to discount you but to impress on you the need for detailed arguments as to why something isn't working. Detailed justification will always get us further in the debate which will need to happen if there is to ever be any change. You're quite right of course, reaching the right answers from the wrong questions is almost an impossibility so if we don't understand we need you to help us see your viewpoint. Then if we still have questions we're hopefully in the position to ensure they are the right questions.

  • brentybrenty

    Team Member

    It just feels that you're telling me that 1Password is the wrong tool for me as a developer as it's designed for 'broader usage' since it benefits more those 'people'.

    @wiserweb: Not at all. Just keep in mind that your use case isn't the only one that counts. Something not being exactly the way you want it to doesn't equate with "degraded experience". We need to consider all 1Password users, not just you. As a developer, I'm sure you consider all of your users, not just self-anointed "power users".

    As I explained, for server.domain.com, the list should not show projects.domain.com as a login option. Period.

    Why not? I've given a few concrete examples of why it doesn't work like this already, and I could come up with many many more as well. While it may be what you want for your specific use case, that isn't true of most users. I don't think it's reasonable for us to change this behaviour for everyone for a small number of people, especially since the exact match will be at the top for you and you can ignore the rest. At least that's what I'm seeing in my usage. You still haven't answered my question about whether you're seeing something different. That would be a bug worth investigating.

  • wiserwebwiserweb
    edited August 2018

    @brenty @littlebobbytables

    Many users are logging into applications that share a root domain, it's not just developers.

    There are many application that are installed for users that have hosting plans. Here's an example of a small business that is using several popular hosted open-source tools, they are the typical users:

    -vtiger.domain.com (For CRM)
    -stats.domain.com (for pwiki)
    -cal.domain.com (for caldav)
    -nc.domain.com (for Nextcloud)
    -app.domain.com (CNAME to SaaS App)

    Small businesses worldwide are using similar setups when they purchase their domain names. Small business represent 99% of new businesses created and are the engine of the economy.

    Should small business owners and employees see every login credentials as an option when they are logging into gitlab.domain.com or projects.domain.com?

    If these users are less sophisticated than developers why are they being offered unusable login credentials for a sub-domain? Isn't the current design logic more confusing?

    If this is the intended behavior of 1Password then I respectfully disagree that this is user friendly on the first count, on the second count that this 1Password being able to distinguish from two distinct sub-domains is in somehow anyway an Advanced feature and on the final count that these issues I bring to your attention are unique corner cases.

  • brentybrenty

    Team Member

    @wiserweb: Again, are the exact matches not showing up at the top for you, so that they're at the top, clearly delineated from the others, and just a keystroke away from being filled?

  • wiserwebwiserweb
    edited August 2018


    It's not clear to me why cal.domain.com has precedence over gitlab.domain.com. Is this how it's supposed to work?

    And why would any user be interested in seeing a whole list of partial matches that are irrelevant to the current context of the task at hand?

  • brentybrenty

    Team Member

    @wiserweb: You're using 1Password X, not 1Password for Mac or Windows (which this discussion is about). 1Password X is separate, relatively new compared to the desktop apps and their extensions, and does not have the feature we're referring to (and attaching images of) here, but I do believe that's on the agenda for a future update. If you're using 1Password for Mac or 1Password for Windows, you can use the desktop extension to get this behaviour now:


  • I'm currently evaluating 1Password as a replacement for Bitwarden, which I'm somewhat dissatisfied with. This is the killer feature that is preventing me from quickly switching everything over for myself and my family today (just found this post by googling for a solution t o this problem). Not only do I have 10s of unique logins on my corporate domain at work, but I also have a bunch of stuff hosted on a server at home, all behind a reverse proxy on my personal domain. Being able to get your domains set up so that you can always directly fill the login you want every time is sooo nice (and pretty much required for dealing with sites that use HTTP basic auth, which are all over the corporate world).

    I do have to admit that I'm also a professional software developer, and thus fall into the same vocal minority of users on this thread I suppose. That said, given the ease with which Bitwarden handles this, I'm having a hard time accepting the arguments against the feature. I'd recommend checking out your competition here and taking notes. It doesn't have to be confusing - just hide it behind an "advanced options" section and/or throw up some scary warning text that says "don't change this if you don't know what you're doing".

    Bitwarden simply implements a drop-down next to the URL text box with the following list of options: "default", "base domain", "host", "starts with", "regex", "exact" and "never" (see screenshot). Multiple URLs are allowed. This covers pretty much any scenario imaginable. I'm sure most users will always leave it at the default, but it's invaluable to people in my position, and I can hardly imagine someone complaining that it's too complicated and asking for the features' removal.

    I love most of what 1Password offers, so I hope the team will reconsider their stance on this issue.

  • ag_sebastianag_sebastian 1Password Alumni

    Welcome to the forum, and thanks for checking out 1Password, @leopard_shark! :)

    Thanks so much for your detailed feedback, as it really made sense to me (not that other feedback didn't, but I just joined this topic). I've shared your thoughts with the rest of the team, but I can't guarantee when or if we'll implement something like that. I wish I could have a more straightforward answer for you, but this is the best I can do for now. We'll certainly continue to gauge interest for the feature. :)

  • Thank you for getting back to me so quickly @ag_sebastian ! I appreciate your response, and that you're at least considering my feedback. I'll keep an eye on this thread while I continue evaluating the product for my family.

    I hope you had a great weekend!

  • brentybrenty

    Team Member

    Same to you and your family! Thanks for taking the time to check out 1Password. If we can find good ways to surface more advanced features -- and the spare cycles to add them -- without negatively impact those not using reverse proxies, etc., that could be win-win. :)

  • timbytimby
    edited February 6

    I'm new to 1Password and am currently in a trial period. So far I love most of what I see...except this one feature. I also have multiple logins for the same base domain (for multiple sites). I think placing subdomain matches at the top is a good start, but I would really like to see this expanded.

    My vote goes for what @leopard_shark has recommended. I understand how "advanced options" may confuse some people, but I think you should cater to both the basic users and advanced users, to a point. This particular feature is the big missing item for me.

    As an alternate (or supplemental) feature, could you also put "exact matches" at the top of the list, similar to how you put subdomains at the top? For example, let's say I have different logins for company.com/login, company.com/app1/login and company.com/app2/login. If I'm on company.com/app2/login, could it be shown first, same as how a subdomain match is shown at the top (and not auto filled)? I think in most cases this will be the desired login, but if it's not, it still allows the other logins to be selected.

  • Greetings @timby,

    Getting the balance right is tricky and I'm not about to suggest what we do today is the right answer. I can see why if a person has a number of web services all hanging off the same domain and only differing by the path that they'd like to see this. The trouble is we also see plenty of confusion over the ordering as it is even with the more simplistic rules. How many might benefit with the more complex rules over additional confusion generated as a result. I don't know what the right answer is but sometimes the best we can do is make sure it works for the most typical cases and that may mean it isn't perfect for everybody.

  • Woaaa ! So much time and energy spent by 1password team not to implement a must have feature and to explain customer that he do not really need it and that nobody but him needs it. :) Very impressive.

    If I had just a few websites to manage I probably may not need a password manager ;) . But, like many other 1P customers, I have dozens of site that can be easily differentiated by the sub-domain name and exact URL matching. The fact 1P does not handle exact matching makes it difficult to use on mac and completely impossible to use on iOS. 1P present the user dozens of logins for a site because of not taking into account the exact matching. It's even worse on iOS which present to the user a list with even less information than on the mac that do not allow user to select the right login.

    Which login is good one: admin for test1.domain.com or admin for test2.domain.com ? All logins are presented belonging to domain.com...

    So, count my vote for an option to add Exact URL and sub-domain matching on 1P

  • Hi,
    I've read whole discussion and, as developer, have some dubt about UX, but is only my opinion.
    As buyer of this service I have to ask you if it possible to search, inside the app, the URL context because is, for us, is a must have feature to organize rightly the logins items.


  • ag_sebastianag_sebastian 1Password Alumni

    Thanks for your vote, @ribero, I'll share your thoughts with the rest of the team. :)

    @emiliano_santucci When you search for an item, we check for data within items. Let's say you have the following URLs:

    • test1.domain.com
    • test2.domain.com/login
    • test3.domain.com
    • test4.domain.com/login

    If you search for login, both test2.domain.com/login and test4.domain.com/login will show up. However, if you search for test2 login, the result you get will be test2.domain.com/login. Let me know if you have any further questions. :smile:

  • Hi @ag_sebastian,
    thanks for your response. I've tried your example on my 1Password 7 (rel. 7.2.4) with no success.
    In my case there are following link (in website section):
    1. http://localhost:8080/
    2. http://localhost:8080/test
    3. http://localhost:8080/stuff
    4. http://localhost:8080/test/subtest

    If I search test inside the search bar:

    I'm in error?

  • I have an idea that may help us developers while keeping things cognitively simple for users. What if 1Password could check each path segment against the tags in your vault, and prioritized based on number of matches?

    So if I have these logins

    I could tag the first one "test" and the second one "stuff" to get the behavior the folks in this thread want.

    I would think it'd be simpler to keep unencrypted salted hashes of all my vaults' tags instead of every URL prefix permutation; perhaps 1Password already does?

    To surface this feature, you could have an unchecked-by-default advanced preference that says something like "Consider tags when matching logins to URLs", which is more understandable than the old preference's label and more predictable than the old behavior.

    It's kind of duplication of data, and it's an extra manual step for users, but it seems to be developers who need this the most, and I suspect most of us would appreciate the compromise.

  • I'm definitely no expert on how searching works but I think we do some sort of hash or similar for the registered domain name and FQDN (Fully Qualified Domain Name) as well as things like the title but it would probably require asking a developer for a specific platform how it works there. I don't believe 1Password does anything for the path component of the URL and I would suspect there may be performance concerns.

    Getting the balance right so that something is friendly enough for those less technically inclined whilst still offering use for the power users is and will probably always be a challenge. If we added a preference each time we needed to ensure a new feature didn't affect too many people we'd be hip deep in checkboxes and that impacts the already steep learning curve. There are programs I use where I can never remember which of the 5 difference places preferences are stored I need to for a particular thing and that can risk make a program impenetrable.

    1Password hasn't always only grouped by only the subdomain, we moved to that after whatever we used to do caused more problems than it helped solve. That doesn't mean we've got it right yet but it isn't that we decided on this on day one and we believe this is the only approach. We do have a strong opinion on the addition of new configurable options (only as a last resort) so I do believe it will be more about finding a way to fine-tune the default behaviour.

  • +1 to this. I have quite a few logins which share the same domain name but run on different sites. Eg blah.com/site01, blah.com/site02. While I might not be a typical user (i'm a devops engineer), I setup sites this way and my customers ARE normal users and they are affected by this. And before you suggest it, no, i'm not about to change the way I setup sites just to accomodate 1Password.

  • brentybrenty

    Team Member

    Okay. :)

  • Hi! Yet another developer/devops guy chiming in. I would prefer to have some sort of advanced option to force exact url matching for specific logins. But if that does not happen, could you at least consider looking at the subpath when sorting the exact matches?

    My case:
    https://service.example.com - login: user
    https://service.example.com/?admin - login: adminuser

    I have two different logins saved in 1P, with the respective exact url. Yet, "adminuser" appears as the first item in the list for both urls. I'm of course able to manually select "user" for the normal service login, but in my opinion you would create a better user experience by also taking the (lack of) subpath into account when sorting.

  • brentybrenty

    Team Member

    Thanks for the feedback -- especially the specific use case. :chuffed:

  • +1 for this feature. I'm using 1Password since it came out. But it is becoming more cumbersome to scroll through lists of passwords belonging to the same domain / subdomains. Some domains I manage have over 20 different logins. Dashlane with I use at work has a setting on the specific password to use exact match of subdomain. Would it be possible to make that idea available as an exact match for url (path) on a per item basis?

  • ag_anaag_ana

    Team Member

    Thank you for your feedback as well @simbookee! And welcome to the forum :)

  • ag_anaag_ana

    Team Member

    Sorry to hear this, but we appreciate the feedback!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file