This repository was archived by the owner on Dec 14, 2021. It is now read-only.

Lockwise does not utilize the full Website Address that is input and instead truncates to just the Domain Name #147

@dewrox


Reproduction Steps:

  1. Create new Credential with website address of:
    https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_HOMEDEPOT&langId=en_US#signon
    Username:
    TestAccount
    Step 1 - Create first Credential
  2. Save new Credential
  3. View Credential from step 2 and notice that for Website Address it only saved:
    https://citiretailservices.citibankonline.com
    Step 3 - View first Credential
  4. Create new Credential with website address of:
    https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_COSTCO&langId=en_US#signon
    Username:
    TestAccount
    Step 4 - Create Second Credential
  5. Save new Credential and Receive Error
    Step 5 - Receive Error

Conclusion:

If you have a Citibank CC entry stored for Home Depot
https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_HOMEDEPOT&langId=en_US#signon

but you also have a Costco CC
https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_COSTCO#signon

Since Lockwise truncates the Website Address down to the Domain Name (with subdomain) then it doesn't see the two as unique entries since the Username for both is the same and we all know people can use the same username.

You should be able to save both logins separately as you really should not use the same password for both; the user cannot be forced to change their username.
By saving the entire address so that the Website Address remains unique, you handle the potential problem that the user's username is not always going to be unique.

This will obviously bring up the question of "Ok, but what are we supposed to do if the website owner makes a change and that URL is no longer legitimate?" and the answer is that if the user ends up on the domain of citiretailservices.citibankonline.com and a username and password box is on the page and that page does not match one of the two that you have saved above... give the user the option to use either of them.

And BOOM... Issue solved.
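
The collision reported above and the proposed behaviour, as an added example that is not part of the original issue and is not Lockwise source code. `CredentialStore`, `saveBoth` and the passwords are hypothetical, and the duplicate check on (saved address, username) is an assumption taken from the reporter's description; the two URLs are the ones from steps 1 and 4.

```javascript
// Hypothetical model of the reported behaviour; not Lockwise code.
const HOME_DEPOT = "https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_HOMEDEPOT&langId=en_US#signon";
const COSTCO = "https://citiretailservices.citibankonline.com/RSnextgen/svc/launch/index.action?siteId=PLCN_COSTCO&langId=en_US#signon";

class CredentialStore {
  // keepFullUrl=false models the report: the address is truncated to its origin.
  constructor(keepFullUrl) {
    this.keepFullUrl = keepFullUrl;
    this.entries = new Map();
  }

  add(address, username, password) {
    const url = new URL(address); // throws on malformed input
    const saved = this.keepFullUrl ? url.href : url.origin;
    // Assumed uniqueness rule: one entry per (saved address, username).
    const key = JSON.stringify([saved, username]);
    if (this.entries.has(key)) {
      throw new Error("duplicate entry for " + saved);
    }
    this.entries.set(key, { origin: url.origin, address: saved, username, password });
    return saved;
  }

  // Fill candidates are chosen by exact origin equality, never by substring
  // or suffix, so a look-alike host is offered nothing. Every entry saved
  // for the origin is offered, even if the page path has changed.
  candidatesFor(pageUrl) {
    const origin = new URL(pageUrl).origin;
    return [...this.entries.values()].filter((e) => e.origin === origin);
  }
}

// Saves the Home Depot and Costco logins with the same username.
function saveBoth(keepFullUrl) {
  const store = new CredentialStore(keepFullUrl);
  const result = { saved: [], error: null, store };
  try {
    result.saved.push(store.add(HOME_DEPOT, "TestAccount", "constructed-pw-1"));
    result.saved.push(store.add(COSTCO, "TestAccount", "constructed-pw-2"));
  } catch (e) {
    result.error = e.message; // second save rejected as a duplicate
  }
  return result;
}
```
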
