Generate backup codes should save the new code about unilogin HOT 8 OPEN

It's a fair criticism but since saving costs tokens due to the nature of the code, we can't automatically save every time the user generates a new one. Sometimes the user is just curious and clicking around, or hasn't decided if they want to do this now or later, or how many codes they want.

I would suggest other layouts. Maybe showing an alert when trying to leave the page, or some sort of "this is not saved yet" message.

from unilogin.

UniversalLogin is going to get a lot of visibility and hopefully lots of use soon, so I think this is really important before it starts getting adopted.

I believe that showing a code that isn't saved is highly dangerous.
Users will assume that the recovery code is live. (I did and then realised that I needed to save it first).

We will end up with users who thought they had printed a recovery code, stored it safely and when they need to use it, find out the hard way that the code was useless (as it wasn't saved) and their account unrecoverable.

Compare this with the cost that some curious users will pay for a backup code which they may not need after going through messaging.

At the point of the Backup code button messaging of the cost of the code could be included, for example, and the user has the choice whether to proceed:

Back up your account

If you lose all your devices you may not have other ways to recover your account. Generate a recovery code and keep it safe

This will cost 2 clicks

Adding messaging when attempting to leave the page could still result in users printing a code and then closing the app/browser. One user with an unsaved code feels like too many.

from unilogin.

One user with an unsaved code feels like too many.

I agree. I will try to think about ways to make this process more clear, with more warnings before the user leaves it, a dedicated print button, etc

from unilogin.

I’ll have a look when I get back to Australia (just waiting to take off).

A warning could still end up with users with codes printed and stored away thinking they are safe but the codes are not saved.

I still strongly believe the example app (which developers will use as best practice) should not show codes until they are saved onchain.

from unilogin.

@abcoathup @alexvandesande Let me know if you'd like to re-open this issue, closing for now to keep the repo clean as conversations seems resolved for now.

from unilogin.

@Kyrrui Whilst the example app still has the potential for users to end up with recovery codes that they haven’t saved then I believe we should keep it open until resolved.

from unilogin.

@abcoathup Now there is a warning upon leaving the generate codes screen if you have not backed them up.

from unilogin.

I would suggest other layouts. Maybe showing an alert when trying to leave the page, or some sort of "this is not saved yet" message.

What if you change the actual interaction and charge the user only when they save? This feels like too many steps overall. Something needs to be combined.

Also, in the demo each code has a username shown above the code, repeated 3 times. I know that it's to encourage cutting out of the individual codes, but imo the user is more likely to print the page 3 times or simply save it as a PDF. This could be simplified down to 1 display of the username and all codes listed below it. Listing the username 3 times is a bit too much to look at.

from unilogin.