[iOS dev] 1P will suggest many subdomains even Associated domains list specifies a single subdomain

guilhermearaujo
guilhermearaujo
Community Member
edited August 2019 in iOS

I am an iOS developer, and my app features shared web credentials.
Our website (www.mycompany.com -- not the actual URL) runs a number of applications, many of them on their own subdomain (e.g. dashboard.mycompany.com), and I have my log in credentials for each of those applications store on my 1Password account.

My iOS app's Associated Domains settings contains specifically webcredentials:www.mycompany.com, but when I'm at the login screen, 1Password suggests me all the other subdomains (in fact, everything under that domain) passwords I have.

The passwords are stored with the correct subdomain, including the www one.

This is something I only noticed after installing the iOS 13 beta. I don't remember seeing this on iOS 12, but I can't be sure.

I'm also not sure if this is something from iOS, which ignores the www subdomain and only delivers the domain to password manager applications, or this can be better handled by 1Password.

Here's an example of what happens:

Of all of these passwords, only two of them belong to the www subdomain.

Is there anything I can do to limit what subdomains can be suggested?

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @guilhermearaujo!

    1Password looks at the domain of a website to show you the list of relevant logins, so the behavior was likely the same on iOS 12. I can see how filtering based on subdomain could be useful to you, so while I cannot make any promises, I can tell you that I have shared your feedback internally :)

    Thank you for taking the time to share this feedback and have a wonderful day!

  • suderman
    suderman
    Community Member

    +1

    This is the biggest annoyance I have with 1Password and have been dealing with this problem ever since Autofill was introduced in iOS. Please give us the option to filter by the FULL hostname.

    Here's a classic example in my day. Only ONE of these is relevant for the subdomain I'm visiting, and I have zero indication which to try.

  • Thanks for the feedback @suderman. I'm not aware of any plans to change this at present, but we are gathering feedback and may consider changes in the future. :+1: We appreciate you taking the time to share your perspective. At present, tapping the 1Password... option at the bottom of the list will open the 1Password UI which can provide a bit more context that isn't available in the autofill UI.

    Ben

  • suderman
    suderman
    Community Member

    Thanks, Ben.

    Perhaps an easier fix: show the full hostname (with subdomain) in Autofill. It is done this way in 1Password's extension, and this way I can at least choose the right option in Autofill.

  • ag_ana
    ag_ana
    1Password Alumni

    @suderman, on behalf of Ben, you are very welcome!

    And thank you again for your input.

    Have a wonderful day :)

  • JaredReisinger
    JaredReisinger
    Community Member

    I'd like to +1 guilhermearaujo and suderman's request for all 1Password platforms (not just iOS), and make an additional request: if there is a matching subdomain (i.e. you're attempting to fill on "thisone.example.com", and you have logins saved for "example.com", "thisone.example.com", and "wrongone.example.com", the exact match should be at the top of the list. (And further, starred entries should be the first among equivalent matches.)

    I have to admit, though, this is mostly nit-picking... I can and do use the "1Password..." button to drop into the full app and find the correct login; it'd just be easier and faster not to have to do so.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the feedback! That's how our desktop apps work, but there are other considerations on mobile, given both the technologies available to us there, but also usability. So in the next update iOS Password Autofill will prioritize the most recently used login credentials. But it's something we'll continue to evaluate as the feature continues to develop. Cheers! :)

  • johannrichard
    johannrichard
    Community Member

    I hope you can accept my +1 for this. 😇

    Either better visibility into the subdomains or a ranking based on (subdomain)-match, as already said not unlike in the 1Password Browser extension.

    As a non-developer, I also wonder whether the iOS AutoFill framework is the limiting factor here in terms of subdomain matching options? If so, maybe a counter-intuitive approach might help as well: If there's more than a handful of passwords with different subdomains stored in 1Password, don't show them in AutoFill at all - in this case, it would be logical for the user to go directly to the "🔑" symbol in the Touch Bar, opening the 1Password UI.

    This would also distinguish this case from cases where many different logins exist for the same domain (e.g. family's passwords for services like Apple's or Google's) where the domain remains the same but the username differs, and which therefore are easy to distinguish in the AutoFill UI.

    Just my 2¢.

  • As a non-developer, I also wonder whether the iOS AutoFill framework is the limiting factor here in terms of subdomain matching options?

    That is certainly a good chunk of it.

    If so, maybe a counter-intuitive approach might help as well: If there's more than a handful of passwords with different subdomains stored in 1Password, don't show them in AutoFill at all

    I think the only way we could achieve that would be to not supply them to autofill at all, in which case I'm not sure you'd even get the option to open 1Password from within autofill.

    Hopefully more robust options will become available as things continue to evolve.

    Ben

  • suderman
    suderman
    Community Member
    edited December 2019

    Either better visibility into the subdomains

    This please. Show the full domain and I can actually use AutoFill.

    If space is an issue, showing my username on its own line is nearly always useless for me.

  • @suderman

    We don't control the UI for autofill until you tap on 1Password at the bottom of the list, unfortunately.

    Ben

  • suderman
    suderman
    Community Member

    We don't control the UI for autofill until you tap on 1Password at the bottom of the list, unfortunately.

    Good to know, thanks.

    I think I might work around this issue by changing my username to match the subdomain.

  • I think I might work around this issue by changing my username to match the subdomain.

    That's certainly an interesting approach. :+1:

    Good to know, thanks.

    Sure thing. :)

    Ben

This discussion has been closed.