Cameo: membership organiser
Logging in using Chrome password manager

Posted by Cameo on 10 Jan 2023

There is a catastrophic bug in Chrome’s password manager, where it confuses and overwrites passwords belonging to websites whose URLs use different sub-domains of the same domain name.

For example, when you use two entirely different login pages, such as https://www.example.com/wp-login.php and https://cameo.example.com/login, you can lose the password for the former.

It is possible to persuade Chrome to get this right, but it takes a little effort.

Contents

  • The problem
  • The solution
    • Changing and adding passwords in Chrome’s password manager
  • Better solutions
  • What not to do!

The problem

When you log in to a website, Chrome offers to save your password for you. Depending on your Chrome settings it may then share this across multiple computers. But if you then log in to a different site which is a different sub-domain of the first, with the same user name (typically your email address), and you say yes to saving its password, it overwrites the earlier password with the new one.

For example, in the following, example.com is the domain name.

Log in to https://www.example.com as me@ddje.uk with password mypassword1. (Please, don’t ever use a password like that: it is completely insecure; this is just for illustration.) www.example.com is a sub-domain. Chrome saves your password against site https://www.example.com when you allow it to.

Then log in to https://cameo.example.com as me@ddje.uk with password mypassword2. cameo.example.com is another sub-domain. Chrome again offers to save this password. When you agree, it does not save a new entry for https://cameo.example.com but instead changes the password for https://www.example.com to mypassword2, losing your original password in the process.

This bug has been present in Chrome for years. It is not a Cameo problem, but it often shows up with Cameo because Cameo commonly shares a domain with your public web site. That site is often WordPress or similar, so it also has a login.

The solution

You have to manually add or amend the entries in Chrome’s password manager: see below. Once you have two separate entries with the correct sub-domains, Chrome then appears to work properly. (However, take care when accepting any changes you make to passwords afterwards: it is not clear what Chrome does in those circumstances.)

If you have more than two sub-domains (e.g. you also have test-cameo.example.com), you need to add a further entry for each.

Changing and adding passwords in Chrome’s password manager

  • Click the menu button (three vertical dots) at the top right of the Chrome window (Fig 1: 1), and select Settings (Fig 1: 2).
  • In settings, choose Autofill from the menu on the left (Fig 1: 3), then Password Manager. Or just use the search bar to search for password.
  • If you have already hit the problem, locate the entry (e.g. www.example.com) in the Saved Passwords list (there is a search box if you have a long list: Fig 1: 6).
  • Click the three dots alongside and choose Edit Password (Fig 1: 4; you may be asked for your computer PIN or password to allow this – be patient, it can take a while for the box to pop up).
  • Correct the password for that sub-domain if it is the wrong one, and Save (Fig 2). You can click the eye icon to see the password.
  • Click the Add button at the top of the list of saved passwords (Fig 1: 5).
  • Enter the site (the second sub-domain name, e.g. cameo.example.com), username (typically your email address) and the separate password for that site, then Save.

Fig 1: Chrome password manager (from Chrome version 108: earlier or later versions may not be exactly the same)
Fig 2: adding or amending a password (note that you can’t change the domain name for an existing password)

Better solutions

A better solution would be to use a proper password manager. The free version of Bitwarden would probably be adequate in most circumstances. 1Password has a good reputation, but does not have a free tier. LastPass suffered from catastrophic data leaks in late 2022; I cannot recommend them any more.

Also, don’t forget there are multiple ways to log in to Cameo with methods other than a password:

  • use biometrics or a hardware key on your desktop, or
  • use FaceID or TouchID on your phone to authenticate your Cameo login.

What not to do!

Don’t try to solve this problem by using the same password for both sites. Always use unique, strong passwords for all sites (and turn on two-factor authentication where available).
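
To confirm that each sub-domain ended up with its own entry and its own password, the check below reads a password export and reports which expected sub-domains are missing and which share a password. It is an added example, not part of the original post: the column names (name, url, username, password, note) are assumed to match the CSV that Chrome's password export produces, and the sample rows are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample rows, laid out like a password export (assumed columns).
# State shown: www and test-cameo share a password, cameo has no entry at all.
SAMPLE_EXPORT = """name,url,username,password,note
www.example.com,https://www.example.com/wp-login.php,me@ddje.uk,mypassword2,
test-cameo.example.com,https://test-cameo.example.com/login,me@ddje.uk,mypassword2,
other.test,https://other.test/,me@ddje.uk,unrelated-pass,
"""

# The sub-domains that should each have a separate saved entry.
EXPECTED_HOSTS = ["www.example.com", "cameo.example.com", "test-cameo.example.com"]


def audit(export_text, username, expected_hosts):
    """Report expected hosts with no entry for `username`, and groups of
    expected hosts that share one password. Passwords are never returned."""
    saved = {}  # host -> password saved for this user name
    for row in csv.DictReader(io.StringIO(export_text)):
        host = (urlsplit(row["url"]).hostname or "").lower()
        if row["username"] == username and host in expected_hosts:
            saved[host] = row["password"]

    missing = sorted(set(expected_hosts) - set(saved))

    by_password = {}
    for host, password in saved.items():
        by_password.setdefault(password, []).append(host)
    reused = sorted(sorted(hosts) for hosts in by_password.values() if len(hosts) > 1)

    return {"missing": missing, "reused": reused}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, "me@ddje.uk", EXPECTED_HOSTS)
    print("No separate entry for:", report["missing"])
    print("Same password saved for:", report["reused"])
```

An export is a plain-text copy of every saved password, so delete the file as soon as the check has run.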

Cameo is produced by David Earl.