Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added shared credential for quicken.com and simplifimoney.com #729

Merged
merged 1 commit into from
Dec 7, 2023
Merged

Added shared credential for quicken.com and simplifimoney.com #729

merged 1 commit into from
Dec 7, 2023

Conversation

carlylemiii
Copy link
Contributor

Overall Checklist

for password-rules.json

  • The given rule isn't particularly standard and obvious for password managers
  • Generated passwords have been tested from this rule using the Password Rules Validation Tool
  • Information has been included about the website's requirements (eg. screenshots, error messages, steps during experimentation, etc.)
  • The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)

for change-password-URLs.json

  • There is no Well-Known URL for Changing Passwords (https://example.com/.well-known/change-password)
  • The URL either makes the experience better or no worse than being directed to just the domain in a non-logged-in state

for shared-credentials.json

  • There's evidence the domains are currently related (SSL certificates, DNS entries, valid links between sites, legal documents etc.)
  • If using shared, the new group serves login pages on each of the included domains, and those login pages accept accounts from the others. (For example, we wouldn't use a shared association from google.co.il to google.com, because google.co.il redirects to accounts.google.com for sign in.)
  • If using from and to, the new group, the from domain(s) redirect to the to domain to log in.

for shared-credentials-historical.json

  • You believe that the domains were associated at some point in the past and can explain that relationship

@rmondello
Copy link
Contributor

Hi! Can you provide some evidence, even a sentence, that these websites are sharing credentials?

@carlylemiii
Copy link
Contributor Author

Hey, Ricky! If you go directly to simplifimoney.com, it actually redirects to quicken.com. But then if you choose to sign in to Simplifi Money from there, you're directed to app.simplifimoney.com. But then there, the login field is in an iframe with quicken.com as the domain.

CleanShot 2023-12-07 at 16 39 30@2x

@rmondello rmondello merged commit 5d32ac5 into apple:main Dec 7, 2023
5 checks passed
@rmondello
Copy link
Contributor

As always, thanks @carlylemiii!

rmondello pushed a commit to rmondello/password-manager-resources that referenced this pull request Dec 15, 2023
@carlylemiii @rmondello
Added shared credential for quicken.com and simplifimoney.com (apple#729
c1b804f 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmondello rmondello rmondello approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@carlylemiii @rmondello