This is not so much of an issue as it is more of a great suggestion on something we should focus more to improve. In the next few weeks we will be releasing new versions that will have a better in-page detection model that we hope will alleviate some of this kind of experience, please keep letting us know if you find more issues going forward.
Actually it is an issue and a important one at that. If the plugin can't detect differences in the URL, what's the point of forcing users to install the plugin? And then keep bugging us to install the plugin when we refuse to?
Two different sites with completely different credentials. If that isn't an issue, I don't know what you consider one. It doesn't even need to be better "in-page detection". How about just looking at the URL of the page?
Agreed and I am not minimizing the importance of what you are reporting but as I said since we will be introducing a drastic change with the in-page detection model, and it would not make any sense to work on fixing this issue since the model will be a complete different one. I suggest to see within our next 2 new version releases if the issue you are bringing to us has been dealt with, otherwise I will encourage you to submit a ticket to our support team so it can be properly escalated to us.
Thanks. I will look out for the updates and see if they resolve my issue.
Just to add to this thread, we have never supported a sub domain with a port number and most likely the next few versions wont change anything on the ports detection as part of a sub domain.
We Mods appreciate your attention to detail and immense Product knowledge. And your responding to our requests.
All the Best
Thank you Marc
I think there are several possible user preferences on the site matching and auto-fill/login features (they are linked).
For site matching feature, these parameters are possible:
- Protocol (e.g. http, https, ftp, etc.)
- Host (e.g. example.com, www.example.com, *.example.com, etc., domain/sub-domain matching)
- Port (e.g. example.com:8080, example.com:80, and even the lack of specification of a port)
- Path (e.g. example.com/path/to/login, etc.)
- Multiple combinations of these for a set of usernames/passwords (in my country, the nation-wide ticketing agent has multiple websites with completely different domain names, but one can log into any of them with the same account — poor SSO architecture I know, but that's the way it is**)
** Side question: Does True Key support multiple domains for one set of credentials?
For the auto feature, these parameters are possible:
- Auto-login (True Key auto-fills the credentials that best matches and logs in automatically — but this will require as precise a matching as possible)
- Auto-fill (True Key auto-fills the credentials but does not log in)
- No auto-fill nor login (True Key does not do anything; it is up to the user to choose and fill, but will not require a very precise matching)
- Under the above category: Single field manual fill (the user can choose which field True Key stores to fill into the selected field — Keeper has this feature for instance)
The thread starter above prefers a stricter matching which includes both the host and port, and auto-login, as defined above.
On the other hand, I prefer a looser matching — as long as the domain (example.com) matches, regardless of the subdomain, port, path, or protocol, I would like the credential to show up as an option. And I want no auto-fill nor login — I do not want the site to have my credentials pasted into, even though it's just on the browser, unless I explicitly tell the plugin to do so. Put another way, the auto behaviour I'd prefer is similar to Keeper's.
Because of the wide spectrum of preferences, and the complexity that could confuse users if the full customisation features above are, may I propose:
- Let users primarily choose one of the auto feature of "auto-login"-"auto-fill"-"none".
- Under "Advanced Matching Settings" or similar, give the user the options to:
- Host matching: Exact (i.e. subdomains must be equal), or Domain only (i.e. as long as the domain part matches, it qualifies)
- Port matching: Exact, or Any
- Any other matching setting as appropriate
- Note that these matching settings should simply shortlist the credentials that the user may use in the site. If there is only one matching credential, and "auto-login" or "auto-fill" is selected, the app should proceed to fill automatically. If there is more than one, the app should not fill anything, and let the user to select the correct credential to fill (similar to the "none" case).
- Let users specify more than one URL per credential.
- A possibility might be to allow the user to search for any credential in the database to fill (in another screen) whenever he wants to (such as if none of the credentials according to the matching settings in point 2 match the current site, but of course, making it easy this way will make it easier for people to fall for phishing attacks.
Taken together, this should make a better product that fits the needs of a wide spectrum of users.
All these are great points, I will convey them to the right team so they can be taken in account.
Just as an aside workaround, if you manually add your second credential for the same domain (domain.com and domain:8080) - you should get prompted with both sets each time you go to example.com or example.com:8080. Turn off auto-login and you should be good. Just select the right login for the site being accessed. That is if the plugin is working right, currently I have lost the multiple account popup on Firefox but it still works on Edge.
Also, if you select to launch access via a TK tab via Launch Pad that should also work with the proper URL manually added for each site. Not as seamless as native detection but it should work.