URI detection: sort results by match exactness

I propose a new (default) URI Match Detection logic:

Show in descending order:

  • exact hits
  • starts with
  • host
  • base domain

It could be called “Automatic” match detection.

Example:

Logins in Bitwarden:
 - university.org
 - sub1.university.org
 - sub2.university.org

Result for https://sub1.university.org/:
 1) sub1.university.org   # host
 2) university.org        # base
 2) sub2.university.org   # base

(Maybe another few lines of code could rank university.org before sub2.university.org in this example.)

It would solve this issue of mine:
My default match detection scheme is “Base domain”, which works fine with 90 % of my logins. The remaining 10 % (still about 100 logins!) are sites with different subdomains and logins, but the same base domain (my university, for example, where I have 17 entries). There, I must manually change to “Host”.

If this algorithm were the default, I would never have to change these settings. The wrong logins would be displayed, but the correct one would always be the top result.

The current options allow you to get the exact matches you need. I wouldn’t want to see any results that don’t meet the match detection criteria I’ve set. If a vault entry is set to “host” match detection, I definitely wouldn’t want to see results that don’t match the exact host.

I know that I have the options, but I have to manually set them for about 100 entries. With my proposed algorithm, everything works as expected.

If a vault entry is set to “host” match detection, I definitely wouldn’t want to see results that don’t match the exact host.

If they were below the best match, they would not bother me in the least.

Most Bitwarden users probably never touch such settings, so it makes sense, imo, to write a smarter default algorithm.

I think this is a very interesting idea, but I share @danmullen’s concern as well. Specifically in the case the OP mentions (17 distinct sub-domains/URIs and 100 credentials), the proposed search could yield an overwhelming number of hits returned to the user.

I suggest that if URI match detection will incorporate rules-based logic, then the logic should be complete. Specifically, if a higher-order match is made, then no further matches should be returned; otherwise, cascade the search down to the next search level.

For example, given this search order for a query:

  1. exact hits
  2. starts with
  3. host
  4. base domain

Logic: if an ‘exact hit’ is matched, then only that result is returned and the search is complete. If not, move to a ‘starts with’ search and return all matches. If no ‘starts with’ matches are found, move to ‘host’ matches, etc.
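
The two behaviours discussed in this thread, ranking every match by tier and the cascade that stops at the strongest non-empty tier, sketched as an added JavaScript example (not Bitwarden's code and not written by any poster here). Assumptions: all function names are hypothetical, an entry saved without a scheme is treated as a bare host, and the base domain is taken as the last two labels instead of being looked up in the Public Suffix List.

```javascript
// Match tiers named in the thread, strongest first.
const TIERS = ["exact", "startsWith", "host", "baseDomain"];

// Assumption: base domain = last two DNS labels. Production code needs the
// Public Suffix List, or every site under e.g. "co.uk" would share a base domain.
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Strongest tier at which a saved URI matches the page URL, or null for no match.
function matchTier(savedUri, pageUrl) {
  // Assumption: an entry saved without a scheme is a bare host (host/base tiers only).
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(savedUri);
  const saved = new URL(hasScheme ? savedUri : "https://" + savedUri);
  const page = new URL(pageUrl);
  if (hasScheme && saved.href === page.href) return "exact";
  if (hasScheme && page.href.startsWith(saved.href)) return "startsWith";
  if (saved.host === page.host) return "host";
  if (baseDomain(saved.hostname) === baseDomain(page.hostname)) return "baseDomain";
  return null;
}

// Ranked variant: every match is returned, strongest tier first (stable for ties).
function rankMatches(savedUris, pageUrl) {
  return savedUris
    .map((uri) => ({ uri, tier: matchTier(uri, pageUrl) }))
    .filter((m) => m.tier !== null)
    .sort((a, b) => TIERS.indexOf(a.tier) - TIERS.indexOf(b.tier));
}

// Cascade variant: only the strongest non-empty tier is returned, so a login for
// a sibling subdomain is never offered when a host-level match exists.
function cascadeMatches(savedUris, pageUrl) {
  const ranked = rankMatches(savedUris, pageUrl);
  return ranked.filter((m) => m.tier === ranked[0].tier);
}

// Constructed sample vault: the thread's three entries plus two made-up ones.
const VAULT = [
  "university.org",
  "sub1.university.org",
  "sub2.university.org",
  "https://sub1.university.org/portal/",
  "example.net",
];
```

For the page `https://sub1.university.org/portal/login`, the ranked variant lists four entries while the cascade returns only the saved `/portal/` URI.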

You are right, that would be even better!

On mobile, I’ve noticed that if you don’t have an exact match it does actually give you some suggestions. For example, if you have some credentials saved for a website but don’t have the app package name set up as one of the URIs to match against, it does often show the correct credentials as a suggestion.
