Exact URL and Port Matching for Passwords

Q1. What is the problem that you are trying to solve?
I have multiple logins where the domain is the same but the host in the login URL is different.

For example:
Login 1 = loginpage1[.]main-domain[.]com:443
Login 2 = loginpage1[.]main-domain[.]com:8443
Login 3 = loginpage2[.]main-domain[.]com:443

If I choose to enable exact URL + Port matching on Login 1, I don’t want Login 2 or Login 3 to appear as options when I visit the Login 1 page.

Q2 - Who is impacted?
Advanced users such as Enterprises with many assets on 1 domain or Managed Service Providers (MSPs) with multiple client environments in different sub-domains.

Q3 - Why is it important and/or urgent?
Think of this from the perspective of a managed service provider who uses Passbolt as their password manager. By not having this capability there is a certain level of risk introduced in that it is possible to log in to the wrong account because ALL of their client logins are presented as logins just because they are on a shared domain. This can cause unintended harm. If strict URL + Port matching was in place, that becomes a non-issue.

Q4 - What is your proposed solution? (optional)
There are URL rules in several competitor platforms that allow for this, including Bitwarden, Dashlane, and LastPass, and I have attached images of these settings for each.



Hi @mm_pba,

As of now, passbolt is already taking this risk into account.

If the protocol and port are specified in the URL associated with a password, as in login1, only passwords matching a URL with this protocol and port will be suggested.
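
The difference between domain-level and exact scheme + host + port matching, as an added example that is not part of the thread and is not Passbolt's own code. The `.example` host names are constructed stand-ins for the three logins in the request, and the function names and the https default for scheme-less entries are assumptions.

```javascript
// Added illustration; not Passbolt's matching code.
const DEFAULT_PORTS = { "https:": "443", "http:": "80" };

// Stored entries often lack a scheme. Parsing "host:443" directly with URL()
// would treat "host" as the scheme, so assume https when none is given.
function parse(raw) {
  const url = new URL(raw.includes("://") ? raw : `https://${raw}`);
  // URL() drops a default port (":443" on https), so restore it for comparison.
  return {
    scheme: url.protocol,
    host: url.hostname.toLowerCase(),
    port: url.port || DEFAULT_PORTS[url.protocol] || "",
  };
}

// Loose rule: same parent domain. Naive last-two-labels split (assumption);
// production code would need the Public Suffix List.
function sameDomain(page, entry) {
  const base = (h) => h.split(".").slice(-2).join(".");
  return base(page.host) === base(entry.host);
}

// Strict rule: scheme, full host name and effective port must all be equal.
function exactOrigin(page, entry) {
  return page.scheme === entry.scheme && page.host === entry.host && page.port === entry.port;
}

// Return the names of the entries that the given rule would suggest on pageUrl.
function suggest(pageUrl, entries, rule) {
  const page = parse(pageUrl);
  return entries.filter((e) => rule(page, parse(e.url))).map((e) => e.name);
}

// Constructed stand-ins for the three logins in the post.
const entries = [
  { name: "Login 1", url: "loginpage1.main-domain.example:443" },
  { name: "Login 2", url: "loginpage1.main-domain.example:8443" },
  { name: "Login 3", url: "loginpage2.main-domain.example:443" },
];

console.log(suggest("https://loginpage1.main-domain.example/", entries, sameDomain));
console.log(suggest("https://loginpage1.main-domain.example/", entries, exactOrigin));
```

Under the loose rule all three entries are offered on the Login 1 page; under the strict rule only the entry whose scheme, host and port equal the page's is offered.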