• Skip to content
  • Skip to primary sidebar
  • Skip to footer

Foliovision

Main navigation

  • Weblog
    • FV Player
    • WordPress
    • Video of the Week
    • Case Studies
    • Business
  • About
    • Testimonials
    • Meet the Team
    • We Support
    • Careers
    • Contact
    • Pricing
  • Products
  • Support
    • FV Player Docs
    • Pro Support
  • Login
  • Basket is empty
Affordable VAST/VPAID for Wordpress has arrived. Serve ads with your videos starting today!

How to Setup LastPass On Subdomains

26 February 2018 / Katerina Ivanova / 6 Comments

Update May 2021: We do not recommend LastPass under any circumstances. LastPass was bought first by an awful competitor LogMeIn in October 2015 and then even worse since December 2019 both are in the hands of private equity for $4.3 billion. After LogMeIn acquired LastPass, there have been never ending security breaches, the technology and interface have stagnated, while subscription prices have shot skyward year over year. In the hands of private equity, expect this kind of userbase exploitation to ever worse.

Fortunately there is a much better competitor, Bitwarden which we’ve used for almost five years now and which you should use too. The interface is better, the browser plugin is far more reliable. Bitwarden is the creation of a sole creator, Kyle Spearrin, who built Bitwarden from the ground up in a superhuman effort, including doing support for a couple of years while he built Bitwarden up. Now of course there is a larger team in place but Bitwarden is still very close to the technical founding team and is much better for it.

All of the good things we say about using a password manager like LastPass below apply to Bitwarden.
 

What is LastPass and why you should use it

As they say, the only secure password is the one you can’t remember. This is the idea that keeps password managers like LastPass going. With LastPass, you only need a one super-strong master password (there goes the name—”the last pass you’ll ever need”), which can be a line from your favourite song translated to a different language you speak, a quote from a movie, or any other phrase that is not too easy to hack.

Once you’ve entered the master password, LastPass will let you access your credentials for every other account saved in LastPass (Facebook and Twitter logins, e-mail, etc.) or do the autologin (If you activated it. Don’t do it.). This way, you can use strong generated passwords for your accounts, without having to remember them or writing them down.

The great thing about LastPass is that it stores your data encrypted online and the data is only decrypted locally in your browser with your key, which even LastPass itself does not have. This way, LastPass users are protected from hacker attacks like the ones that happened to Adobe or Apple users.

For us as an agency, an important feature of password managers like LastPass, is sharing passwords with our clients and among our team members. This way, we don’t need to send each other passwords or keep a document with all the passwords, which is way too far from secure. However, if you do need to send somebody your credentials, make sure you make the effort to use services like Reveal It!, that delete your message as soon as it is seen by the recipient.

Security is a number one priority for us at Foliovision, because we are responsible for the safety not only of our own accounts, but also of our clients’. As we once wrote, LastPass has its issues, but still, it is the best option we found so far to secure our passwords.

HOW TO USE URL RULES TO FIX THE ISSUE WITH AUTOLOGIN ON SUBDOMAINS

As much as we like using LastPass, we’ve discovered one annoying issue when using subdomains. The problem was, that when you have different credentials for several subdomains, LastPass would often fill in the wrong login information as the first option. This was because LastPass didn’t recognize the subdomains and treated them as domains. For example, we had this problem with these domain and subdomains:

  • cc.foliovision.com
  • foliovision.com
  • comments.foliovision.com

Luckily, we’ve found a solution to this problem (big thanks to Rich for his helpful blog post).

We’ve found this fix to be quite easy, once you figure it out. You need to specify the exact URL, and LastPass will ignore all other sites in your vault, even similar ones within the same domain. To do so, you need to create a URL rule. Here’s how to make it:

1. Go to your LastPass vault and press the account settings button.

2. Click on the URL Rules thumbnail.

3. Click Add.

4. Put the address of the subdomain into Domain or Host field and click Add. Now the LastPass should only offer to autofill the login information for this specific subdomain and ignore the others. We didn’t need to write anything in the Path field, specifying the exact URL was enough.

5. Use the same procedure to add all the other subdomains.

Now you are all set!

Final Thoughts

There are a lot of reasons you should use a password manager: it generates random and complicated passwords that you don’t need to remember and allows you to share sensitive information as securely as possible.

Don’t repeat Irene Adler’s mistake! Human-generated passwords are generally weak and easy to hack.

Even though we found LastPass to be the best password manager so far in terms of price and quality, this isn’t your only option. The most popular alternatives for LastPass are Dashlane and 1Password. They are all not perfect, but the benefits of using a password manager definitely outweigh the risks.

However, all of those password managers will be useless if you don’t take care of your cyber security hygiene. We probably don’t need to mention the basics like not reusing the same passwords, not sending any sensitive information via messaging, or using a public Wi-Fi network. Or do we?

But one thing is often overlooked by the users—the browsers’ inbuilt password managers. Firstly, you risk that in case your device gets stolen or accessed, the safety of your passwords and other sensitive information will be compromised. Secondly, the recent breach in Opera browser shows that the browsers’ password managers aren’t sophisticated enough at this point to secure your passwords from hacker attacks.

That’s why you should never save your passwords and logins in your browser. If you ever did so, make sure you delete all your passwords from your browser right now (here is an easy guide on how to do it). Even if you usually don’t save the passwords in your browser, it still might be a good idea to check this, cause these pop-ups are quite sneaky and you could have pressed “Save” by mistake.

Be aware of these risks and truly commit to keeping your passwords safe!

KI00KI

Categories: IT, WordPress

Related Posts

  1. Best Practices for Sharing Sensitive Information

  2. LastPass and the NSA: How Secure Is LastPass.com?

  3. Lost your password in WordPress?

    Lost your password in WordPress?

Reader Interactions

Comments

  1. Taras 9 September 2020 at 11:08 am

    Thank you!

    Reply
  2. Alexandre 29 September 2020 at 12:32 pm

    Thanks a lot. This works great. Why Lastpass doesn’t speak about it ? Strange

    Reply
  3. Eric 25 October 2020 at 9:07 am

    This is a work-around for some very irritating behavior. Why doesn’t LastPass sort on the subdomain first and match other subdomains after that? Because of some internal domains, we have lots of subdomain passwords and it’s always a pain to get the right one to match. Clearly a flaw in the software.

    Reply
  4. Rob 12 June 2021 at 12:50 pm

    So, what if there are 14433 subdomains…. add each by hand? (no, I’m not joking) There must be a general setting to just enable this. (In fact it should be the default anyway!) Or would a wildcard work? Something like *.domain instead of adding each one manually?

    Reply
  5. Avatar photoAlec Kinnear 16 June 2021 at 5:29 pm

    I would recommend that you not use LastPass under any circumstances, Rob. Bitwarden is better in every way. Bitwarden is $10/year for individuals, $40/year for a family of up to six users, free for two people in an organisation, $3/month/user for teams. If you have a really small business with less than six people using password sharing, you could probably get away with using the family plan.

    Reply
  6. Nope no Good 16 September 2022 at 3:01 am

    100% what others said. That is still not a good workaround for subdomains when you work for a company with dozens of subdomains like mine at a major university.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You can click here to Subscribe without commenting

Primary Sidebar

Categories

  • Business
  • Camera Reviews
  • Case Studies
  • Design
  • FV Player
  • Internet Marketing
  • IT
  • Life
  • SEO
  • Slovak
  • Video of the Week
  • WordPress

Footer

Our Plugins

  • FV WordPress Flowplayer
  • FV Thoughtful Comments
  • FV Simpler SEO
  • FV Antispam
  • FV Gravatar Cache
  • FV Testimonials

Free Tools

  • Pandoc Online
  • Article spinner
  • WordPress Password Finder
  • Delete LinkedIn Account
  • Responsive Design Calculator
Foliovision logo
All materials © 2025 Foliovision s.r.o. | Panská 12 - 81101 Bratislava - Slovakia | info@foliovision.com
  • This Site Uses Cookies
  • Privacy Policy
  • Terms of Service
  • Site Map
  • Contact
  • Tel. ‭+421 2/5292 0086‬

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in .

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Necessary Cookies

Strictly Necessary Cookie allow you to log in and download your software or post to forums.

We use the WordPress login cookie and the session cookie.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Support Cookies

Foliovision.com uses self-hosted Rocket.chat and self-hosted Freescout support desk to provide support for FV Player users. These cookies allow our visitors to chat with us and/or submit support tickets.

We are delighted to recommend self-hosted Rocket.chat and especially Freescout to other privacy-conscious independent publishers who would prefer to self-host support.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

3rd Party Cookies

This website uses Google Analytics and Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

We reluctantly use Google Analytics as it helps us to test FV Player against popular Google Analytics features. Feel free to turn off these cookies if they make you feel uncomfortable.

Statcounter is an independent Irish stats service which we have been using since the beginning of recorded time, sixteen years ago.

Please enable Strictly Necessary Cookies first so that we can save your preferences!