Subdomains and iOS12 autofill

2»

Comments

  • brentybrenty

    Team Member

    @jarledb: Yes. Please seen my comments and screenshot above.

  • Is there any way I can share some screenshots and a video with you privately? I don't want to share usernames and urls here.

  • Just so I/we can understand the iOS implementation...

    The documentation that Apple provides:

    https://developer.apple.com/documentation/security/password_autofill/

    Links to the information on the "AuthenticationServices framework" for the "credential provider extension":

    https://developer.apple.com/documentation/authenticationservices

    It's been about 5 years since I've done any Objective-C, and I don't really understand this quite basic/minimal documentation.

    Would it be possible for one of the 1Password iOS developers to explain how 1Password interacts with iOS?

    I'm not sure if:

    1. 1Password provides a full list of accounts to begin with, iOS keeps that on record, and will only ask 1Password for the password when the user selects the account.
    2. When someone focuses on a login form in Safari, 1Password is asked to return a list of logins at that point.

    I'm assuming it's the second approach, as that avoids synchronisation issues.

    In which case... when 1Password is being asked for a list of logins:

    1. What do you get told? I'm assuming you're told the full domain name,
    2. What do you return? I'm assuming the username and the partial domain name (TLD); not the password, as that's provided after the user selects the account they want.
    3. Does the order of the logins you return matter? and if so, is the first one returned the default one shown?
  • MrRooniMrRooni

    Team Member

    Good morning, Craig. It’s actually the first one. We provide iOS with a full list of usernames and the fully qualified domains with which they are associated. When you tap into a form iOS shows all the top-level domain matches.

  • brentybrenty

    Team Member

    @jarledb: Sure! Shoot us an email at [email protected] and post the Support ID you receive here. :)

  • I'm also frequently bitten by the lack of subdomain and port number matching. 1Password usually presents me with dozens of logins that don't apply.

    Proposal for a matching "algorithm" that probably doesn't break anything for anybody:
    1. try matching subdomain and port number (if port number is different from 443 or 80)
    2. if no exact match, try without port number
    3. if still no match, only then search for all domain items, ignoring the subdomain, or whatever you do currently.

    What I don't understand is why presenting an exact match would only if present would break anything for anyone.

  • a1andreasa1andreas Junior Member

    @maikm I like your suggestion!
    Even better with port number matching too, as you say. That would be very useful for me to.

  • brentybrenty

    Team Member

    As mentioned previously, the iOS 12 Password Autofill feature works only with the domain, not subdomains or port numbers. We can consider making changes to how 1Password itself presents matches, but that will not impact the topic of this discussion.

  • steve28steve28 Junior Member

    I hope something can be done, because this is useless:

  • brentybrenty

    Team Member

    @steve28: Sorry, what's the problem?

  • steve28steve28 Junior Member
    edited September 2018

    @brenty Can you tell me which one of those listed accounts is for router.mydonain.com?

    Edit: I know it's not a 1P limitation - it's an iOS one. I'm hoping that Agilebits has more pull with Apple than I do through https://apple.com/feedback (which I submitted)

  • brentybrenty

    Team Member

    @steve28: If you tap "1Password..." at the bottom there, as suggested above, what do you see?

  • steve28steve28 Junior Member

    @brenty of course then I get a properly ordered list. My point is that I hope you are lobbying Apple to fix it so it works without needing the extra step

  • brentybrenty

    Team Member

    Ah, gotcha. I don't think they necessarily have to listen to us, but we have shared feedback with them. Cheers! :)

  • We can consider making changes to how 1Password itself presents matches, but that will not impact the topic of this discussion.

    @brenty I realize this discussion is about the iOS 12 autofill, but I was referred here by your twitter account where 1Password matching was the topic:

    Anyway, wouldn't the iOS 12 autofill list become much shorter as well if 1Password would apply stricter matching (as proposed earlier here) before handing the result list over to the operating system?

  • brentybrenty

    Team Member

    I realize this discussion is about the iOS 12 autofill, but I was referred here by your twitter account where 1Password matching was the topic:

    @maikm: No worries. Thanks for the context. :)

    Anyway, wouldn't the iOS 12 autofill list become much shorter as well if 1Password would apply stricter matching (as proposed earlier here) before handing the result list over to the operating system?

    Sure, but that isn't possible. The OS alone handles this feature. Sorry. :blush:

    As mentioned above,

    That just isn't possible with iOS 12 autofill. But we can control the experience when you tap "1Password..." since that brings up 1Password's app UI. We can show the whole URL there. And that's something we can iterate on over time as well. :)

    So if you have feedback about 1Password's UI, that's something we can evaluate along with everyone else's. :)

  • Completely forgot to check... any news on this?


    My current/temporary work around

    While you should continue to use 1Password (it's still the best)... for websites on multiple sub-domains, the iOS password manager handles this situation perfectly.

    Assuming you're on iOS and/or MacOS for everything (including Safari on MacOS), you could store those passwords in the Apple KeyChain instead.


    As to why it happens

    iOS asks the installed password managers for a list of usernames and related domains - so it can list them when you're trying to login to a website.

    1Password should provide the full domain name, so iOS has enough information to make an appropriate selection (i.e. so it can show the full match first).

    For some reason (something todo with the 1Password storage system?), when 1Password is exporting this list, it does not include the sub-domains.

    For example:

    • blog.1password.com
    • support.1password.com
    • email.1password.com

    These are all sent to iOS as "1password.com", so iOS has no idea which login is the best match (to show the first entry), or the order to list them when there are multiple logins (either a full match, or partial).

    As to where this comes from... well, I discussed it with Ricky Mondello (who was heavily involved in the iOS side) and Jeff Goldberg (from 1Password), at the Passwords Conf, in Stockholm, at the Clarion Hotel, November 2018 - I had assumed it was an iOS problem (because of this thread), but Ricky was sure the iOS side should work (and it does), and it's 1Password not providing the sub-domain :-(

  • I've been banging my head against the wall because of this for a very long time. I'm glad to see it's a known issue. I've got a domain with at least 16 subdomains, and each has different login credentials. Man-o-man, it's a frustrating experience trying to use 1Password on any of those sites.

  • ag_anaag_ana

    Team Member

    Not yet @craig_francis, sorry! But thank you for taking the time to share your feedback and suggestions with the other users :+1:

  • ag_anaag_ana

    Team Member

    Sorry about this @TazG! We will continue working on this to see if there is anything we can do to improve it :+1:

  • Thanks @ag_ana! Any improvement would be welcome and appreciated! :)

  • ag_anaag_ana

    Team Member

    You are welcome @TazG, anytime :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file