Safe use of "When URL contains"

[BHiko]

Could someone remind me how to avoid an unexpected match of when URL contains.
e.g. I wish the same password for urls that contains paypal.com: the same password for www.paypal.com and www2.paypal.com
But I do not wish this password for
* www.hacker.tu/paypal.com or
* paypal.com.safe.hacker.tu

What do I fill in in the when url contains field?

[tanstaafl]

I usually use something like:

contains = .paypal.com/           use = paypal.com

[Romeo]

I like to start mine off with http://...  So in BHiko cse, I would set up two account http://www2.paypal.com and http://www.paypal.com.  The first part of the URL is the most important part of the URL IMHO.

[BHiko]

contains = .paypal.com/           use = paypal.com

Thanks tanstaafl
just for my understanding, why use = paypal.com? Isn't it assumed in this case?

[tanstaafl]

Actually, for financial accounts, I agree with Romeo - use the full URL in the 'When URL contains' field. The shorter way I used is to avoid having to worry about multiple instances, and/or the host changing something minor, Mine would usually keepo working, while Romeo's way would require you to account for the change every time.

But, as I said, it is much more secure as far as preventing phishing scams goes.

And no, the 'Use this URL' is never assumed - if you leave it blank, then it is using a BLANK URL to calculate the password. So, if you left it blank for all of your accounts, then none of them are using the URL to calculate the password.

Not really a major security risk, but it is important that you understand that it does work this way.

[tanstaafl]

And by the way - the number one Feature Request is for the ability to define multiple 'When URL Contains' entries for a single account, which would make dealing with this much easier, so you might want to go vote for it...