-
-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add aliases to the password profile #278
Comments
It sound like a nice idea for me. But how will be the aliases stored, I'm not sure that the webextensions remember this kind informations when we close the browser ? |
@roipoussiere
It will set login field with So I don't understand the idea |
LessPass can currently store some informations about websites into a server. The idea here is to add the @guillaumevincent Yes, but if I go on |
So this is a bug :) |
@roipoussiere |
The behavior I'm explaining is that It should add url to the list of aliases in the site saved in the profile. Not replace, add. :) |
@roipoussiere the behaviour should be this one: #278 (comment) If this behaviour works as expected, you don't need a list of aliases |
Ok, lets do this: I totally admit that for both But it's not the purpose of this ticket. As you can see, even if I set the same master password, the generated passwords are different, because the My suggestion is to fill the |
Interesting idea as a workaround ... But how would you solve some of my use cases then: I have use cases as follows:
1,2,3 being different servers, but with identical Login-names. I do need different passwords in scenarios like these. |
Wow, It's not a typical use-case... Are you personally concerned by this or is it an hypothetical scenario who possibly appends to one user in few years? :D
|
I really wonder where you take the certainty about "typical usecases" from. For sure I am personally concerned, as are lots of other people, too, though not much of them might use LessPass or other Password-managers... because they simply don't know about it, or are not concerned about password security the way I am or we are. I think use cases are as different as people are, and as various as the web and applications outside the web are. And LessPass maybe has been created for special use cases once ( I don't know but @guillaumevincent will know). But the way it is designed today offers a broad variety of use cases, some people don't even think of. So sometimes ideas - meant good for sure - are a regression to those using the full potential LessPass offers. Modifying the master-password is clearly against the intention of LessPass - how many Masterpasswords do you want me to remember? I see no reason to reduce use cases (regardless of what you consider being typical or not) or to reduce the usability of a well designed software! |
@panther2 Example: So I think that the alias field will be optional. |
Yes, that is what I thought, and actually I was really interested in this idea. As this would be a good offer for those users looking for a FQDN-alternative. I was simply looking for an answer how to integrate my special use-cases above, needing different passwords and hoping for a practical solution. I did not expect a judgement about my use cases. |
@panther2 Ok, ok I tough it was very very uncommon :) But my proposition is totally retro-compatible and optional: In your use-case, you only need to don't set aliases. :)
Yes. And also the same
Actually I'm not thinking about a on/off button or similar. To add an alias, you just need to go to |
Meaning for example www.1.example.com www.2.example.com www.3.example.com could coexist together with example.com (if ever needed) in the database wihout being connected as alias? That would sound much better than
😉 ! |
don't spend to much time on this, this is a bug. if in database you have:
if you visit if in database you have
it should use the second password profile (with |
To be clear, I don't want to add aliases. The use case describes will be solved when I will fix the bug. my mantra:
Antoine de Saint Exupéry |
Good to hear that! But I don't understand... If this is just a bug, what is the purpose and the problem with this issue?
Remember that one of the use case I describe is also: I go to https://superuser.com and I would like that LessPass fills stackexange.com (which uses same logins) in order to generate the right password. |
Subscribing as my university has different portals for different scopes but all of them require the same login information 😄 but the state of the art of LessPass is that each of them gets a unique generated password because the site field is different each time. This should be implemented as easily as saving generation parameters. |
As I said... use cases vary with the users 😄 |
I am new to lesspass but I can confirm it would be usefull to me to associate multiple domains to the same account, and keep the functionnality to have subdomains with a different account.
|
+1 cross-domain aliases would be super useful |
Thanks @roipoussiere for taking the time to look for similar issues. @guillaumevincent I believe @Maxiride scenario illustrate pretty well the feature request or as roipoussiere said:
Same id, different domain. That's a use case I have and here is how I manage them:
Remember that we designed lesspass to provide privacy by default and we aim to store as little information as required. This feature request add more business value to the backend, as it will store and provide data, thus pushing us to rely even more on a database. I believe it's something that goes in the wrong direction as the more information we store the more valuable the database is to attacker. |
I see this is still open, and see the comment from #400 (comment) |
Hello @GaboFDC |
My company is using softwares which provide web interfaces and use our MS AD (or LDAP) for authentication phase (and some other softwares have their own DB). My issue comes from the "site" field which is filled with FQDN of the web site: I need to overwrite it to get the correct password. Therefore, having an Alias field (I would fill on my own with what I want) would be an improvement to me, that field being used in the password calculation instead of the "site" field currently used. |
I think this is a completely valid use case. |
LessPass Database will be closed in March. See announcement. This issue is no longer relevant. Closing it. |
Several websites use different domains but same authentication. For instance, stackoverflow.com and superuser.com. In addition, mainly websites uses several subdomains, and removing them should be great but it's more complicated that it sounds.
A solution is to store aliases in the database.
Scenario: I am on
example.org
, and I store this website. The pw profile looks like this.Now I go to
accounts.example.org
, and I fill the Site field withexample.org
, in addition to the user field. Then LessPass detects that there are two URLs for the same Site value, and update the pw profile like this:Then next time I go to
accounts.example.org
, the Site field is automatically set withexample.org
, with the right username.We can add a feedback to inform the user that it's an alias, for example by changing the Site field background color, or adding a little circle right to the this field. And also list all aliases in the Site tooltip.
The good point is that it can work with sites when the URLs are very different (such as stackoverflow.com and superuser.com).
LessPass could also set default aliases, ie.
"aliases": "www.example.org"
.The text was updated successfully, but these errors were encountered: