URI matching, what am I missing?


#1

I’m a new BitWarden convert and everything is working well, but there’s one area I’m a bit confused about and it has to do with URI matching. My default is “base domain” and I have not overridden that for any logins. They all say “Default match detection”.

I have an Android app, Fidelity NetBenefits installed. Here are the URI’s from the login:

https://www.fidelity.com
androidapp://com.fidelity.android
androidapp://com.fidelity.wi.activity

When I run this app, BitWarden correctly finds the Fidelity login, but it also suggests a bunch of other logins that might be matches.

Here are the URI’s from one of them (the Hunter Hydrawise app):

http://app.hydrawise.com
androidapp://com.hydrawise.android2_2

I can’t for the life of me understand why this would be considered a possible match for Fidelity. There are a handfull of others that are suggested that are all similarly confusing.

Could someone help me out and explain what’s going on here? On the face of it, it looks wildly wrong and that’s worrying me a bit about BitWarden in general.


bc


#2

Support informs me that the wi in .hydrawise. matched the .wi. in the Fidelity Android app URI. While it clearly does, the matching seems a bit more permissive that I would have imagined. I’d have expected it to restrict matching to cases where the wi appears alone between two dots, but so it goes I guess.


bc


#3

I am finding the mis-matching rather a problem too. Prevents auto-login working successfully in many cases.

I’d like to be able to change the default method across all my saved passwords/sites.