Description
- I have searched open issues and pull requests. The issue I'm creating is not a duplicate of an existing open issue or pull request.
- Somewhat related to Wildcard / Subdomains #3835
Information about the feature to be added:
There may already be a way to do what I'm trying to do, I just couldn't figure it out from the CONTRIBUTING docs. My use case is for Student Loan servicers. It looks like all servicers are now required to host their sites on subdomains of studentaid.gov, e.g. <nelnet.studentaid.gov> and <aidvantage.studentaid.gov>. The Federal Student Aid website hosted at <studentaid.gov> does support 2FA, but not all of these servicer-specific subdomains do. Thus, password managers like 1Password will recommend setting up 2FA on these sites, but it's impossible to actually do so (Nelnet and Aidvantage are both examples of this). It would be great if there was a way to exclude the nelnet and aidvantage subdomains (and any others) from the studentaid.gov.json file.
Following the discussion on #3835:
... I have seen no implementation of a service (like Browser-plugins and 1Password), that really care for anything else than the main-domain and tld part of the URL itself to guess whether 2FA is available or not.
1Password does allow specifying different "autofill behaviors" though, including "Only fill on this exact domain". So one could have separate Login items for studentaid.gov and every relevant *.studentaid.gov, each with that behavior set. Ideally, the root domain item would suggest enabling 2FA, while the subdomain items would not. Presumably, other password managers could work similarly.
... site ranking doesn't care for subdomains and only meters the main domain, so it would be next to impossible to figure out the overall ranking of that subdomain
In the specific case of student loan servicers, I think you could treat their sites' rankings as equivalent to studentaid.gov. Idk if you'd want to use the root domain ranking for all sites though...