Feature Request: Linked Accounts

khad

Thanks for the feedback!



This suggestion has come up from time to time. Thank you for letting us know it would be useful to you as well! We will look into improving this in a future update, but I do not have a time frame for a specific version.

placebo

[quote name='khad' timestamp='1291275126' post='16740']

Thanks for the feedback!



This suggestion has come up from time to time. Thank you for letting us know it would be useful to you as well! We will look into improving this in a future update, but I do not have a time frame for a specific version.

[/quote]

I'd also like to see this suggestion implemented. A related issue is the ability to link entries in the Accounts vault to URLs as well. For example, my MobileMe account is also the Apple ID I use at various Apple web sites.



I guess the best way to put it is that 1Password should consider the account to be the fundamental entity. Right now, the location is the fundamental object, and you have accounts associated with each location. If the same accounts can be used at different locations, you often end up with multiple entries in 1Password with the same account information, which sort of defeats the goal of having your information stored in just one place.

sergiomiranda

[quote name='khad' timestamp='1291275126' post='16740']

Thanks for the feedback!



This suggestion has come up from time to time. Thank you for letting us know it would be useful to you as well! We will look into improving this in a future update, but I do not have a time frame for a specific version.

[/quote]



I believe something like this (multiple domains on one item/link item) has been asked more than from time to time, it has been asked repeatedly and it has been said to be "coming soon" for a long time too.

http://forum.agile.ws/index.php?/topic/64-suggestion-single-login-multiple-domains/



Don't get me wrong, I love 1password, but I have been waiting for a long, long time to cut down my saved passwords by a huge number and make my life (even) simpler with this feature that seems so basic for a password manager.



How about a Christmas present? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

brenty

[quote name='DarkAngel' timestamp='1291472189' post='16933']

I believe something like this (multiple domains on one item/link item) has been asked more than from time to time, it has been asked repeatedly and it has been said to be "coming soon" for a long time too.

http://forum.agile.ws/index.php?/topic/64-suggestion-single-login-multiple-domains/



Don't get me wrong, I love 1password, but I have been waiting for a long, long time to cut down my saved passwords by a huge number and make my life (even) simpler with this feature that seems so basic for a password manager.



How about a Christmas present? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

[/quote]



Heh.



I definitely have run into this issue, though certainly not to the degree you folks have. I'm not sure it would be as simple as allowing additional URL fields. The TLD workaround mentioned above breaks my autologin functionality where I have tried it, since the site URL is not an actual login page. ⌘\ still works once I'm at the login page, but it seems like this is a problem without a solid, one-size-fits-all solution. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/sad.gif' class='bbc_emoticon' alt=':(' />

Navstar

Envato Marketplace has several sister sites (Activeden, Audiojungle, Themeforest, Videohive, Graphicriber, 3Docean, Codecanyon, etc) that 1Password thinks are different sites. But once logged in, they all link to the same user account.



How can I make one login for all these sites? They all have the same username and password. Right now, 1Password wants to create a entry for each one (since they all have different domain URLs). But if I change a password in one, I have to update 1Password eight different times.

khad

There are definitely pros and cons to any implementation of an "equivalent domains" or "linked accounts" feature. We've been pretty busy with 1Password for Windows, 1Password for Android, Dropbox syncing, and the Chrome extension. Please accept our apologies for allowing this to take a back seat, but we are really excited to be able to offer additional platform, browser, and syncing support. This is still on our radar, but we do not have a time frame for a specific release.

grahams

This feature would be great for me... There are a few logins which I have duplicated 8 times... It'd be awesome to not have to change them all when I am compelled to change the password every 90 days. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

MikeT

[quote name='grahams' timestamp='1292468727' post='17692']

This feature would be great for me... There are a few logins which I have duplicated 8 times... It'd be awesome to not have to change them all when I am compelled to change the password every 90 days. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

[/quote]Hi grahams, welcome to the forums.



Thanks for letting us know that this would be useful or great for you. I totally know what you mean, I have the same setup as you do and I know it would be just awesome to have 1Password not only have one Login item for multiple similar domains but the ability to change the password one time for all of them is just great as well.



The biggest issue is that we need to make it not only easy to do this but also discourage the users from using the same password for multiple DISCRETE sites since our users may abuse this feature to include other sites that have no association with the first or "master" site.



We hope that people do learn from the gawker breach in that it's never a good idea to use the same password for every site on the Internet.

brenty

[quote name='Navstar' timestamp='1291656780' post='17011']

Envato Marketplace has several sister sites (Activeden, Audiojungle, Themeforest, Videohive, Graphicriber, 3Docean, Codecanyon, etc) that 1Password thinks are different sites. But once logged in, they all link to the same user account.



How can I make one login for all these sites? They all have the same username and password. Right now, 1Password wants to create a entry for each one (since they all have different domain URLs). But if I change a password in one, I have to update 1Password eight different times.

[/quote]



That's definitely a problem. I know that I have a few like that myself, but I tend to just generate a strong password once and forget about it, so I don't end up having to make sure I change all the others as well. I should probably change my password more often...



1Password does some great things with under-the-hood sort of HTML data like the field names in forms. Maybe a different way to approach this problem would be to recognize strings in the form itself (rather than the page URL) to determine what credentials to use for login.

[Deleted User]

[quote name='brenty (toromei)' timestamp='1293047495' post='17986']

1Password does some great things with under-the-hood sort of HTML data like the field names in forms. Maybe a different way to approach this problem would be to recognize strings in the form itself (rather than the page URL) to determine what credentials to use for login.

[/quote]



The problem we face there is that this could open up the doors to phishing attacks. Right now, the biggest advantage to 1Password not letting you fill a login on a page that doesn't match the URL saved in the Login item is that this should help prevent phishing attacks, because 1Password knows the site you're on isn't the real site and it won't play ball.



I think the key factor in all of this is to make sure that any implementation is easy to use for everyone, secure and that it actually works. Maybe something as simple as letting you enter multiple URLs for a single item would work, but again this needs to be carefully thought out.



Hope that makes some form of sense,

brenty

[quote name='stu' timestamp='1293059693' post='17994']

[b]The problem we face there is that this could open up the doors to phishing attacks.[/b] Right now, the biggest advantage to 1Password not letting you fill a login on a page that doesn't match the URL saved in the Login item is that this should help prevent phishing attacks, because 1Password knows the site you're on isn't the real site and it won't play ball.



I think the key factor in all of this is to make sure that any implementation is easy to use for everyone, secure and that it actually works.[b] Maybe something as simple as letting you enter multiple URLs for a single item would work, but again this needs to be carefully thought out.[/b]

[/quote]



Sold! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/ohmy.gif' class='bbc_emoticon' alt=':o' />



That makes perfect sense. I wasn't even thinking in that direction. Phishing is becoming more and more common, and I'm glad you guys are thinking about these things. Obviously, not convenient in many cases, but this is definitely a benefit in that way at least.



Hopefully a solution can be found that takes both issues into account. The multiple URL thing seems promising. Thanks for the prompt response, Stu! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

khad

On behalf of Stu, you are most welcome! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_bigsmile.png' class='bbc_emoticon' alt=':-D' />



Thanks for bringing up this good issue. It is always fun to discuss new features and security.

Harry Warrior

[quote name='MikeT' timestamp='1292518095' post='17706']

The biggest issue is that we need to make it not only easy to do this but also discourage the users from using the same password for multiple DISCRETE sites since our users may abuse this feature to include other sites that have no association with the first or "master" site.

[/quote]



Let us assume that the user is a 'responsible adult'. The very fact that he bought 1Password means he knows what he is in to. I would really like the domain alias feature. If there is a UI real estate issue, please go with a comma, space, or 'pound/hash #' separated list in the current URL field. It could be an undocumented feature only geeks use <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> (for now <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />)



BTW, there are multiple threads on the same topic. You should make a sticky topic with all outstanding feature requests (at least the major ones) and their status so people don't create new threads. Not sure if you can do this with your current forum s/w.

RobYoder

[quote name='Harry Warrior' timestamp='1293554354' post='18187']

Let us assume that the user is a 'responsible adult'. The very fact that he bought 1Password means he knows what he is in to. I would really like the domain alias feature. If there is a UI real estate issue, please go with a comma, space, or 'pound/hash #' separated list in the current URL field. It could be an undocumented feature only geeks use <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> (for now <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />)



BTW, there are multiple threads on the same topic. You should make a sticky topic with all outstanding feature requests (at least the major ones) and their status so people don't create new threads. Not sure if you can do this with your current forum s/w.

[/quote]



The undocumented idea is interesting, Harry. We'll revisit this again, but unfortunately, it's not at the top of the list right now. I've wanted this for a while too, even before joining Agile, but to keep everything realistic, it'll probably be a little while longer.



Thanks for the feedback!

grmartin

I am finding with more and more sites (LiveScience, or Comedy Central) using one login for all of their domains common, that the lack of an ability to assign more than on domain to a set of credentials is a bother. I was wondering if there was anyway we could get the ability to set the details to span across more than one domain.



Thank You.



As an owner and user of 1Pass for Mac and iPhone/Pad (Pro) and Knox, i have to thank you all for your hard work.

[Deleted User]

Hi grmartin,



Thanks for the post, your first I believe <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



We've had quite a lot of requests to make it possible to associate a common set of login credentials with multiple URLs, and this is certainly something we're looking into for a future version of 1Password, however I don't have a timeframe for exactly when this will be available.



You're right that this is starting to happen more and more, and so we have to seriously look at how we can adapt 1Password to handle the ever changing way that logins are handled online. Of course, the downside to sites sharing a common login could be that if someone were to get access to your password for one site, they'd have access to them all.



Thanks again for the post, it's good to hear how many users want this feature.

aaronbarker

Adding my vote for this feature.



A single record with multiple sites would be optimum, but a search and replace would be a decent solution too. Find records matching user1/pass1 change to user1/pass2



Thanks!

MikeT

Hi Aaronbarker, welcome to the forums.



Thanks for letting us know that this would be useful for you. I’d say that the first option would be more clean than the second one. For some reason, in my opinion, the second one would be more messy and error-prone.



As Stu mentioned, this is something we know would be useful for a lot of people and we would like to work on this. As to when it’ll happen, no idea.

Nick B.

I just wanted to show my support for this feature request as well. Linked accounts/passwords would be a godsend for my particular use-case. I work at a university with a global account sign-in based on Active Directory. We're forced to change passwords every 90 days (which is a good practice), but makes it a hassle to update my 1Password keychain. I currently have at least a dozen individual logins saved in 1Password that all contain the same username/password.



I know this is an edge use-case, but it would be an awesome addition if you guys could squeeze it into a future release. Thanks for the great software and keep up up the good work.



––

Nick Basham

khad

Welcome to the forums, Nick!



While [url="http://www.pcmag.com/article2/0,2817,2362692,00.asp"]the benefits of changing passwords on any regular basis are dubious[/url] — considering that an attacker will usually not wait 90 days to use a password once it is obtained — we don't always control the policies that make our lives more work. Linked accounts would be a boon for you and me both! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



This is something we are definitely looking into for a future release. Thanks for the kind words and for letting us know you would appreciate this as well!

Sachin

Alot of sites have single sign on or use oauth where you use the same password across multiple sites. When a password changes, it applies to all sites. It would be great if this concept could be introduced in 1PW.



So for example lets say I have a standard login entry called Foo (which is a regular site containing a username password).



Now, i have a new entry called Foo2, which I know always uses the Foo password. If somhow Foo could be linked to Foo2 this would avoid duplication and login denials when the password for Foo has changed.

khad

Welcome to the forums, Sachin!



Thanks for letting us know you are interested in this as well.



I have merged your post with the appropriate thread. Please see above and let me know if you have any additional questions or concerns. We really appreciate the feedback!

kbyrd

As much as I hate to do this:



+1. Me too!





I'd like to see this. I bet Google logins are the main one that I bet many/most of your users use. But I also use 1Password for a series of coporate intranet sites that all link to a single "change-every-so-often-so-the-powers-that-be-can-feel-safe" login.



BTW, what is your forum etiquette on showing support for a feature request? Some places hate "me too!" posts and ask you to vote something up. How would you like me to do this in the future?

khad

[quote]I'd like to see this Google logins are the main one that I bet many/most of your users use. But I also use 1Password for a series of coporate intranet sites that all link to a single "change-every-so-often-so-the-powers-that-be-can-feel-safe" login.[/quote]

Google indeed. I think the most common use case is actually the internal corporate logins, however. That is the sense I get from not only your own post but email we receive as well.



[quote]BTW, what is your forum etiquette on showing support for a feature request? Some places hate "me too!" posts and ask you to vote something up. How would you like me to do this in the future?[/quote]

We have a strict better-to-ask-forgiveness-than-permission policy here. (Can I call that strict?) You're doing fine, though. Posting in the thread is perfect. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

JoaoPinheiro

Hello,



I've been running into a small problem with the Fill Login feature in 1Password. Some websites, like my university internal pages and the Apple ID / MobileMe pages, use the exact same login credentials, but on completely different web addresses. This is a problem for the Fill Login feature, since 1Password logins can only handle a single web address. I have been working around this by adding multiple login items with the exact same credentials, but this can be annoying when I have to change my password.



It would be great if login items were able to include multiple web addresses rather than just one.



I'm posting this in the Leopard/Snow Leopard forum, but this change would obviously be reflected on the entire 1Password suite.



Thanks!

brenty

Hiya, Joao!



Thanks for mentioning this. This has actually been suggested many times, and is something we are looking into. Security is a big concern, so even if we do implement something like this in the future, it would have to be carefully considered and may take some time to implement in a way that will not simply expose folks to phishing attacks. Web sites can be spoofed, and having multiple valid addresses for the same login broadens the attack vector if safeguards are not properly put in place.



Also, since I am sure that MobileMe is not somehow affiliated with your university, I can only guess that you are using your @me.com email address with the same password for all of these. While you are free to do as you wish, I strongly suggest that you take advantage of 1Password's Strong Password Generator to create random, unique passwords across your accounts, especially where the username is the same. Changing passwords is certainly annoying, but I try to imagine how much worse it would be if one of my accounts was compromised. One of the great things about 1Password is that updating your passwords doesn't mean having to memorize new ones! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



In any case, though, creating multiple Login items is the only workaround, even in instances such as Google, where there are many services that literally use the same account. I am sorry I don't have a better answer for you, but hopefully in the future we will have good news. We have exciting things planned for 1Password. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />





[quote name='JoaoPinheiro' timestamp='1303911183' post='25731']

Hello,



I've been running into a small problem with the Fill Login feature in 1Password. Some websites, like my university internal pages and the Apple ID / MobileMe pages, use the exact same login credentials, but on completely different web addresses. This is a problem for the Fill Login feature, since 1Password logins can only handle a single web address. I have been working around this by adding multiple login items with the exact same credentials, but this can be annoying when I have to change my password.



It would be great if login items were able to include multiple web addresses rather than just one.



I'm posting this in the Leopard/Snow Leopard forum, but this change would obviously be reflected on the entire 1Password suite.



Thanks!

[/quote]

JoaoPinheiro

Helly Brenty,



I'm glad to know that I'm not the only one who would like to see this feature implemented. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> I guess I wasn't very clear in my examples though. What I meant was that my MobileMe account IS my Apple ID account, so I need to use the Apple ID credentials on both domains. The same thing happens with several internal domains at my university, but that's a completely different account. I never reuse passwords on any of my accounts.





[quote name='brenty' timestamp='1303984158' post='25811']

Hiya, Joao!



Thanks for mentioning this. This has actually been suggested many times, and is something we are looking into. Security is a big concern, so even if we do implement something like this in the future, it would have to be carefully considered and may take some time to implement in a way that will not simply expose folks to phishing attacks. Web sites can be spoofed, and having multiple valid addresses for the same login broadens the attack vector if safeguards are not properly put in place.



Also, since I am sure that MobileMe is not somehow affiliated with your university, I can only guess that you are using your @me.com email address with the same password for all of these. While you are free to do as you wish, I strongly suggest that you take advantage of 1Password's Strong Password Generator to create random, unique passwords across your accounts, especially where the username is the same. Changing passwords is certainly annoying, but I try to imagine how much worse it would be if one of my accounts was compromised. One of the great things about 1Password is that updating your passwords doesn't mean having to memorize new ones! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



In any case, though, creating multiple Login items is the only workaround, even in instances such as Google, where there are many services that literally use the same account. I am sorry I don't have a better answer for you, but hopefully in the future we will have good news. We have exciting things planned for 1Password. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />

[/quote]

khad

Thanks for the clarification. We can rest a bit easier in that one regard, but we will work harder to make 1Password even better. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



I would love to see "linked accounts" in 1Password, and that is something that is on our radar!



Cheers,

dynek

I was looking on the forum for this feature and found this thread.

Still no new stuff about this ? I am asking this because of Amazon for instance. I buy stuff from DE, FR, CO.UK and COM. I don't feel like creating 4 entries <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Thanks

khad

Welcome to the forums, dynek!



While we don't have anything new to announce, this is something we have been looking at with an upcoming new data format. It is definitely on our radar. It just will take a bit of reworking in the data format which we are doing but is not a simple undertaking. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Thanks for your patience and support!