LastPass Vault should allow for multiple URLs to one entry The reason:
You have one account for a single service but need to log in on multiple domains or surfaces: The same login works on their homepage, on a support page (that uses a different URL) or their mobile app.
Autofill does only work with one URL today so I have to search manually in LastPass for the correct password again and again and that is very annoying.
Since this s the same account I refuse to generate multiple entries for those.
This feature already exists - except your wording is off. Well, at least partly. You can have one set of credentials work at multiple domain names.It's called equivalent domains.It's under 'account settings.
Thanks @Logic for that tip. Wasn´t aware of this. Now the next question occurs - what is the correct entry here if it´s about apps? I have a banking app on ios and have the password in my vault. When I open the banking app I get asked for the password and I can choose autofill with lastpass. But lastpass doesn´t know which entry to take. So I have to search for the name of the banking app in the lastpass dialogue each and every time. Then I click on it and the login works just fine. How can I match this app and its entry in lastpass so that lastpass exactly knows which password to use when I open the app? Thanks for your support
Consider the situation where you work in an organization who hosts many applications under a domain: contoso.com. Each application is hosted in its own subdomain such as timecard.contoso.com or test.timecard.contoso.com. These applications may have different credentials, such that you could have 100's of entries in LastPass within the domain contoso.com.
With URL Rules, you can add entries for each individual application's subdomain. In the case of contoso.com, this could mean dozens of rules, which is difficult to manage. So I propose this feature:
As a LastPass user,
I would like to configure LastPass to strictly match all subdomains within a particular parent domain,
So that I can more quickly find the credentials I need without creating URL rules for each subdomain.
Example current behavior:
For that matter, being able to "wildcard" paths after the domain would be useful as well.
I came here wanting to suggest that equivalent domains be less of a gigantic pain to use, and found this suggestion already here, which appears to address basically the same thing.. I don't "refuse to generate multiple entries" and in some places domains aren't even actually equivalent, they just share an SSO structure in the background of their completely disparate sites (the Google and Facebook widgets are somewhat an example of that practice widespread, but many others exist and some don't let you just press a button; you do actually have to log in using the account, you just don't have to create a *new* account for that site.) But creating an equivalent domain is an incredibly clunky and annoying experience, which is rarely worth the trouble compared to having two entries (which both have to be updated every time your password changes, but at least both work consistently and don't require you to manually type in a list of TLDs.)However, there's also that "security checkup" constantly popping up to remind you that your username and password are the same on both of these sites, so it would be almost trivial to have a "Make them equivalent" or "merge accounts" button or something, to have LastPass be(come) aware that you are NOT reusing the same password in a dozen places, but that one single account has a dozen different URLs (e.g. an Active Directory login that is applicable to all different URLs in that organization's domain.) This would make the security challenge thing become an actually useful function instead of a constant false alarm, and let you update with a new password only once each time you change your environment's password.
Clearly, it will be difficult to account for the myriad constellations in which such overlap may become manifest. But an attempt at managing would most certainly be welcome to many.
How do I handle multiple IP addresses? I tried setting them up in "Equivalent Domains", but doesn't seem to work. I don't get a login suggestion when browsing to the IP.
I also tried adding multiple entries in the "URL" field and separating them by a comma... that didn't work. I wish it were this easy.
I will give this suggestion a bump/vote.
Furthermore, I have always used Lastpass as my 'source of truth' for any and all login hyperlinks I need to save.
That is to say, not only does Lastpass remember every password in my life... it also remembers for me the 400 web portals on which I maintain accounts.
If two of these portals share account credentials, the issues noted above are valid. (Equivalence is clunky, Apps are excluded, Security Check shows less than 100% compliance, etc.)
I would add, though, that equivalence fails entirely to address my original point: Where can I easily see my login portal hyperlinks so I may choose which portal to enter? As of now, I will continue to maintain two entries (For Github and my linked Development Boot Camp login; for my bank's Mobile and Desktop login sites,) but I think the ability to set two entries as 'Associated,' thus removing them from the security conflict list, would make more sense than the 'equivalent domain' model.
I understand the title probably raises some red flags, but this suggestion is not in an effort to promote using the same credentials with multiple vendors or service providers. In some environments, there is a business need to use a set of credentials across multiple domains.
Example 1: In many organizations, AD credentials are used across multiple domains. The current lastpass implementation would require me to save an entry into lastpass for every page or product that might prompt for AD credentials.
Example 2: In a similar vein, at our organization, we engineer networks for customers all over the country. We never know from day to day which device we might need to log into (https://device_ip). A secure set of credentials exists for these devices for different groups within the organization and it is not practical to maintain individual sets of credentials on a per user, per device basis for each device type (fortigate, cisco router, etc).
Being able to right click on a login field and select a credential from a set of 'favorites' or similar in the lastpass context menu would make Lastpass easier to use across the entire organization.
I agree that equivalent domains is not the same as allowing multiple URLs for one password. Two examples:
Lastpass should handle those four different scenarios with two passwords (one for both user user portals, one for both admin portals) and correctly autofill all four pages with the appropriate credentials.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.