Prioritize exact subdomain matches when suggesting credentials

Kee browser extension
1

Problem

When visiting a website like subdomain2.example.com, the password manager extension currently shows all credentials matching the base domain example.com, including unrelated subdomains. This creates clutter and forces the user to search manually each time.

Example saved credentials:

  • example.com
  • subdomain.example.com
  • subdomain2.example.com

When accessing subdomain2.example.com, the list should prioritize credentials in the following order:

  1. subdomain2.example.com — exact match
  2. example.com — parent domain
  3. Other subdomains like subdomain.example.com

Current Behavior

  • All matches for example.com and its subdomains are shown together.
  • Users must scroll or start typing the subdomain name to find the correct entry.

I’ve reviewed the Preferred entries feature in Kee 3.6+, but it doesn’t address the issue of prioritizing logins by subdomain — relevant credentials can still appear below less specific matches.

Expected Behavior

  • Automatically prioritize credentials by domain specificity:
    • :white_check_mark: Exact match with current subdomain
    • :arrow_right: Base domain (e.g. example.com)
    • :arrow_down_small: Other sibling subdomains

Why this matters

  • Greatly improves usability when working with multiple subdomains.
  • Enables quick mouse-based selection instead of needing to type to filter every time.
  • Reduces the chance of choosing the wrong credentials.
  • Matches user expectations in modern, multi-subdomain setups.

Optional Enhancements

  • Group suggestions visually (e.g. section headers or icons for “Exact match”, “Base domain”, etc.)
  • Allow toggling this prioritization in settings (for advanced users)

Improving the matching logic to prefer exact subdomain entries will enhance UX, reduce errors, and make credential selection faster and more intuitive.

2 Likes
2

Thanks for outlining your ideas.

Please can you verify if the first part of your idea is already implemented?

For me, and by design, entries which match the exact subdomain are already at the top of the list (in both the main Kee button on the toolbar and the inline text box icon interface).

What I think we don’t currently do is to demote all other subdomains below the base domain. I don’t think there is any defined order regarding the entries that match the domain but not the specific subdomain, but I might just be forgetting something like a default alphabetical or modification date sort.

This all relies on knowing what is a TLD and what is a subdomain. Which in turn relies on the PSL, which is embedded within the Kee extension and Kee Vault at the time each version is built, and downloaded from the internet by the KeePassRPC plugin on a regular basis.

If there is a problem with the PSL (such as it being blocked and thus unavailable to KeePassRPC) or it is just out of date or incorrect for some TLDs (rare with established domain names), the behaviour might differ.