TL;DR: Sometimes enterprise IT has software that isn't part of their SSO. This causes endless confusion both for users and password managers.
Real life example:
Tel Aviv University has the following websites sharing SSO credentials:
nidp.tau.ac.il
www.ims.tau.ac.il
several others
However, they also have a different subdomain for payroll, ihilanet.tau.ac.il, which is run by an outside contractor, a big co with their own identity management system.
Safari, and probably other password managers, assume that these websites are related based on domain suffix and suggest more than one password. It's displayed like so:
The "from this website" gives me a hint that there's a distinction between an exact subdomain match and a password saved from another domain. But for this website, suggesting these other sites amounts to password reuse: this subdomain has a separate credential backend.
So in summary, my suggestion is to add a new rule type to the quirks - to allow specifying a subdomain as definitively unrelated to another domain or subdomain.
I'm not sure as to how to properly represent a "non-equal" relation type, but here's an attempt at a syntax: