There are some issues with the setup form in that it only saves TFA data once entirely complete. If a user leaves the process in the middle, their expectation may be that they have saved a new TOTP seed when it hasn't been.
Steps:
1. After setup, log in, then go to the Security tab and click "Reset application"
2. Type in your current password
3. Scan or manually input the key into Google Authenticator
4. Put one code (from the newly created account) generated by Google Authenticator into "Application verification code"
5. Click "verify"
6. At this new page, click "Logout"
7. Click login, input your password, then use one code (from the newly created account) generated by Google Authenticator. It will fail because setup didn't save the new TOTP seed.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | 2325409-tfa-basic-better-ux-4.patch | 13.92 KB | coltrane |
| #3 | 2325409-tfa-basic-better-ux-3.patch | 9.94 KB | coltrane |
| #2 | 2325409-tfa-basic-better-ux.patch | 7.81 KB | coltrane |
Comments
Comment #1
greggles: We discussed a bit the current state and what could lead to confusion on these forms.
My suggestion based on that:
When it's in multi-step mode, this problem could be reduced by saving on each step and using a button label that clearly indicates that information will be saved.
For the totp step: "Verify and save" or "Cancel". For the trusted browser step "Save" and "Skip". For the recovery codes step "Save" and "Skip". A "cancel" option on the second or subsequent steps of the multi-step form is confusing - are you canceling this step or the whole operation? Users may assume the whole operation.
When in a single-step mode for trusted browser or recovery codes, it makes more sense for the buttons to say "[Verify and] Save" and "Cancel".
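To make the failure in the summary and the "save on each step" suggestion in #1 concrete, here is an added Python model (not tfa_basic's own code): an RFC 6238 TOTP check plus a toy multi-step reset flow that replays steps 1-7 with save-at-end versus save-per-step semantics. `Account`, `SetupFlow`, `reproduce` and every seed value are constructed stand-ins for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32: str, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30 s step), as Google Authenticator generates it."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Constructed stand-in for the persisted per-user TFA record."""
    def __init__(self, seed: str) -> None:
        self.seed = seed

class SetupFlow:
    """Multi-step reset. save_per_step=False models the report: only finish() commits."""
    def __init__(self, account: Account, new_seed: str, save_per_step: bool) -> None:
        self.account = account
        self.pending_seed = new_seed  # shown to the user (QR / manual key), not yet committed
        self.save_per_step = save_per_step

    def verify_step(self, code: str, now: int) -> bool:
        if not hmac.compare_digest(totp(self.pending_seed, now), code):
            return False
        if self.save_per_step:  # "Verify and save": commit as soon as the code checks out
            self.account.seed = self.pending_seed
        return True

    def finish(self) -> None:  # last step of the flow; never reached if the user logs out early
        self.account.seed = self.pending_seed

def login(account: Account, code: str, now: int) -> bool:
    return hmac.compare_digest(totp(account.seed, now), code)

def reproduce(save_per_step: bool, now: int = 1_400_000_000) -> bool:
    """Steps 1-7 from the report; returns whether the post-logout login succeeds."""
    new_seed = "GEZDGNBVGY3TQOJQ"  # constructed seed offered by "Reset application"
    acct = Account("JBSWY3DPEHPK3PXP")  # constructed seed already on the account
    flow = SetupFlow(acct, new_seed, save_per_step)
    assert flow.verify_step(totp(new_seed, now), now)  # steps 4-5: code accepted
    # step 6: user logs out here, so flow.finish() never runs
    return login(acct, totp(new_seed, now + 30), now + 30)  # step 7
```

`reproduce(False)` shows the login failing with the code from the new seed, while `reproduce(True)` succeeds because the seed was committed at the verify step.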
Comment #2
coltrane: This builds upon the work of the latest patch in #2324159: Provide optional SMS plugin using Twilio.
Comment #3
coltrane: Better context alter; requires TFA patch #2327445: Support context get altering.
Comment #4
coltrane: Fix for fatal error when phone field isn't set.
Comment #6
coltrane: Committed.