I have a number of domain names, and some of those domain names are split with sub-domains. For example, https://live.linux.uk and https://forum.linux.uk. Now obviously (!) these are two completely different sites, one is running WordPress and the other Discourse (two completely different applications).
You will be both shocked and horrified to hear that I don’t use the same credentials on both, or at least I use the same username (email address) but choose completely separate passwords. Typically I let the browser pick a completely random long string of characters, then rely on the browser password manager to save them for me.
All cool, except for one thing. Chrome seems to have a feature called affiliated websites where, for some inexplicable reason, it thinks you want to share a single password across multiple boxes. So when you save a password for a sub-domain site, and you already have a password for the main domain, depending on which way the wind is blowing, Chrome will store the same username (email address) and password against multiple hosts.
Why is this bad?
When you change the password on one site, it will offer to save the new password. If you say yes, it will re-store the one entry that covers the other sites, so you will effectively lose the password for the other sites where you are using the same login id / email address (!) Now for me, my mail server is also on the same domain, so when it happened to me, yes it saved my website password, but then it wiped my password for my email and two other servers. (password resets aren’t fun when you can’t access your mail server …
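One way to spot entries that have ended up in this state, as an added example that is not part of the original post: the script reads a password export and lists hosts under a domain you own where the same username is stored with one identical password. It assumes the CSV column layout of a Chrome password export (name,url,username,password,note); the sample rows, including `mail.linux.uk` and `example.org`, are constructed.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the assumed Chrome export layout; all values are made up.
SAMPLE_EXPORT = """name,url,username,password,note
live.linux.uk,https://live.linux.uk/wp-login.php,me@linux.uk,Wq7-constructed-A,
forum.linux.uk,https://forum.linux.uk/login,me@linux.uk,Wq7-constructed-A,
mail.linux.uk,https://mail.linux.uk/,me@linux.uk,Zr2-constructed-B,
example.org,https://example.org/login,me@linux.uk,Wq7-constructed-A,
"""

def base_for(host, base_domains):
    """Return the owned base domain that host falls under, or None."""
    host = host.lower().rstrip(".")
    for base in base_domains:
        if host == base or host.endswith("." + base):
            return base
    return None

def shared_credentials(csv_text, base_domains):
    """Map (base domain, username) -> groups of hosts storing one identical password."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = urlsplit(row["url"]).hostname
        if not host or not row["password"]:
            continue  # skip entries without a usable URL or password
        base = base_for(host, base_domains)
        if base:
            groups[(base, row["username"], row["password"])].add(host)
    # Report hosts only; the password itself never leaves this function.
    report = defaultdict(list)
    for (base, user, _pw), hosts in groups.items():
        if len(hosts) > 1:
            report[(base, user)].append(sorted(hosts))
    return dict(report)

if __name__ == "__main__":
    found = shared_credentials(SAMPLE_EXPORT, ["linux.uk"])
    for (base, user), host_groups in found.items():
        for hosts in host_groups:
            print(f"{user}: one password stored for {hosts} under {base}")
```

An exported password file is plaintext, so delete it once the check has run.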