Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
FR: Automatch URLs with credentials
Hello 1 Password Folks!
A quick feature request, if I may.
In order for the useful and time-saving things like autocomplete to work, there has to be a URI match between the credential and the website. This requires that the user has populated the website, or more realistically, that it was automatically populated by one password or a previous credential manager.
However, we're all human, and I wonder if many other users, like me, have bundles of credentials from previous systems, or just ones that never got saved, which are missing an obvious URI. For example: I'm looking at a credential for MongoDB Atlas that (sadly!) is missing the mongodb.com URL association.
I thought today that it's probably fair to assume that most of these matches could be done programmatically or with a smidgen of AI. Even simple keyword matching would probably catch lots of them.
I'd really love to see 1Password beef up its tool extensions, as there are lots of little utilities like this that I think could be really valuable. But I wouldn't hesitate to use a periodic or ongoing password matching logic, so long as it didn't take destructive action like overwriting websites. The worst that could go wrong is mismatching a credential.
AI and secrets are obviously a sensitive mix But perhaps for something with relatively basic natural language requirements like this, a very small model could be bootloaded into the client or something similar.
2 Replies
- 1P_Dave
Moderator
Hello danielrosehill​! 👋
Thanks for the suggestion! 1Password is designed to never fill your login credentials into any website/app but the website/app that matches the website address saved for that login item. It's an important phishing protection that you benefit from when you use 1Password to fill your login credentials.
While an automatic method to try to "guess" the correct website address for each login might be convenient, it also comes with the risk of the wrong website being set which could lead to you bring tricked into filling your login credentials into a malicious website or just sharing them with the wrong website.
That being said, I've passed your post along internally so that the team can consider these sorts of problems and how best to solve them in the future.
-Dave
PB-49635669
It's a nice idea but the scenario is rare enough that I question whether it's worth the effort because it is not trivial to implement. I can see so many challenging cases and the need for many behavior preferences. Plus there are so many other things that I'd give higher priority.
A variant that I would be more willing to support: You get to a website/app and 1P doesn't recognize the connection so you are forced to manually search 1P for the matching entry yourself. At that point, there should be a button "Explain why 1P couldn't match this entry." and options to accept a variety of reasons why 1P should match. Examples:
- Fix URL recognition
- Fix app recognition
- Fix entry field recognition
Even without the auto-fix idea, I'd love if 1P could at least explain to me why it is failing to match an entry that looks like an obvious match to me.
