Identify sites that must have duplicated passwords

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Identify sites that must have duplicated passwords

Postby jim827323821 » Thu Jul 18, 2019 12:26 pm

I searched the 4,000+ topics and gave up trying to find this suggestion.

My employer has MANY pages/sites/etc that trigger LastPass as having different credentials. However, we use SSO and despite having different URLs, etc., they all use the same password from the SSO system, these CANNOT be different.

I want a way to "group" these sites so that LastPass knows they will have the same password so it will stop whining about it during a security check. Also, this enables LastPass to update all of them if any of them get updated (after user confirmation).

I thought this feature existed, but I think if it does exist in some form, it keys off the higher level domain, such as AAA.xxx.com and BBB.xxx.com will have the same password. This is no longer the only use case due to SaaS products that can be integrated with the customers' SSO but still use a single SaaS URL.
jim827323821
 
Posts: 4
Joined: Thu Jul 18, 2019 12:19 pm

Re: Identify sites that must have duplicated passwords

Postby davem872 » Fri Jul 26, 2019 12:58 pm

Bump. I think this is semi-possible using Accounting Settings-->Equivalent Domains, but an easier way would be nice...e.g., perhaps an ability to see a list of domains with duplicate passwords and via checkboxes quickly select those that should be considered equivalent.
davem872
 
Posts: 8
Joined: Fri Apr 26, 2019 10:12 am

Re: Identify sites that must have duplicated passwords

Postby jim827323821 » Mon Jul 29, 2019 8:58 am

Unfortunately, equivalent domains does not accept subdomains, I need these to be equivalent: mycompany.someservice.com and mycompany.com
jim827323821
 
Posts: 4
Joined: Thu Jul 18, 2019 12:19 pm

Re: Identify sites that must have duplicated passwords

Postby davem872 » Mon Jul 29, 2019 3:35 pm

If you add the root domain to the equivalent domains sections it should include all subdomains by default...at least that is what the UI says:

"Please note that LastPass already considers *.domain.com to be equivalent."

One issue I've seen is if you save a password on a specific page like:

subdomain.domain.com/thisurl

And then try using it at:

domain.com/thisurl

It doesn't work.

However if you edit your first entry so that the URL is:

domain.com/thisurl

Then it should match

domain.com/thisurl

AND

subdomain.domain.com/thisurl
davem872
 
Posts: 8
Joined: Fri Apr 26, 2019 10:12 am

Re: Identify sites that must have duplicated passwords

Postby jim827323821 » Mon Jul 29, 2019 3:47 pm

Suppose I work at XYZ Corp, the domain is xyz.com, but I've also worked at ABC Corp, abc.com.

Suppose those two companies both use a particular service, PayStub, which uses paystub.com, but provides corporations with <theirname>.paystub.com. I now have URLs for xyz.paystub.com and abc.paystub.com, both have unique passwords.

I cannot make paystub.com equivalent to both xyz.com and abc.com.

I can see this type of pattern (a service corporation adding the client name to their domain) becoming more popular in the future.
jim827323821
 
Posts: 4
Joined: Thu Jul 18, 2019 12:19 pm

Re: Identify sites that must have duplicated passwords

Postby davem872 » Mon Jul 29, 2019 5:41 pm

I think I understand what you are saying, hopefully they will add subdomain level equivalency support sometime in the near future.

On a practical level, while this won't help you with when you have multiple accounts with different passwords for a single site, if you are talking about an SSO situation with multiple domains but a single account you could create an equivalency rule for all of these domains. For example, if your SSO provides authentication for:

- somesite.com
- thissite.com
- othersite.com

You could create an equivalency between all three so that one entry will work across all three sites...
davem872
 
Posts: 8
Joined: Fri Apr 26, 2019 10:12 am

Re: Identify sites that must have duplicated passwords

Postby jim827323821 » Tue Jul 30, 2019 8:33 am

jim827323821 Wrote:Suppose I work at XYZ Corp, the domain is xyz.com, but I've also worked at ABC Corp, abc.com.

Suppose those two companies both use a particular service, PayStub, which uses paystub.com, but provides corporations with <theirname>.paystub.com. I now have URLs for xyz.paystub.com and abc.paystub.com, both have unique passwords.

I cannot make paystub.com equivalent to both xyz.com and abc.com.


I should have pointed out that I would need to make the following "equivalences":

1) xyz.com and xyz.paystub.com
2) abc.com and abc.paystub.com

I will also point out that the use of "xyz" and "abc" is a matter of convenience, should (the fictitious) PayStub.com decide to limit name length, sites such as "freecreditreport.com" might become "fcr.paystub.com", and completely eliminate pattern matching. Other sites might not use the client name at all for security purposes, there could be no correlation between the URLs, yet the service still uses the client's SSO service.

Subdomain pattern matching is desirable, but won't solve this situation.
jim827323821
 
Posts: 4
Joined: Thu Jul 18, 2019 12:19 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 20 guests