[keycloak-dev] Usability: Improve screen for setup TOTP

Stan Silvert ssilvert at redhat.com
Thu Nov 21 16:22:51 EST 2019


On 11/21/2019 9:20 AM, Marek Posolda wrote:
> On 21. 11. 19 12:02, Marek Posolda wrote:
>> I want to ask for some feedback about the screen for the "Setup TOTP".
>> I've created JIRA https://issues.jboss.org/browse/KEYCLOAK-12168 ,
>> which contains some screenshot of how currently the screen for the
>> required action for "Setup OTP" looks like. In other words, this is
>> displayed to the user at the end of the authentication when he has
>> "Setup TOTP" required action on him.
>>
>> Few questions:
>>
>>    * Is the "Device name" appropriate label? Would something like
>>      "Authenticator App Label" be better?
I think Device Name is fine.  You could put placeholder text inside the 
field that says, "My Device".  This would make it clear what it is for.
>>
>>    * Should it be more emphasized that "Authenticator App Label" is not
>>      mandatory? IMO it is currently not very clear. Also there is
>>      nothing in the help-text about this input field. Maybe we can add
>>      another sentence to point 3 like "Optionally provide Authenticator
>>      App Label as a reference." I am not very happy with that sentence.
>>      Any better ideas?
I wouldn't count on the user reading and comprehending what is in that 
text.  He will probably just skim that text.  But it doesn't hurt to 
explain a little more anyway.  Suggestion for second sentence, "You can 
optionally provide a Device Name to help you manage your OTP devices."

In addition, label the first field "One-time Code".  It currently has no 
label.  Second field can be labeled "Device Name (optional)".

Normally, we use an asterisk to denote required vs. not required. Then 
you have something like:
"* = Required fields" as a key.  But with only two fields I think that 
would be overkill.  So just putting "optional" in parens seems best.
>>
>>    * Alternatively we can use separate screen for providing the
>>      "Authenticator App Label" . In other words, there will be just
>>      single input for OTP code and then once user clicks "Submit" and
>>      OTP code is successfully verified, there will be another screen
>>      where he can provide "Authenticator App Label" . It seems Google
>>      is using separate screen for providing labels when user register
>>      Security Key.
>>
>>    * Any better ideas?
>>
>>    * We can possibly improve the old account console in similar manner.
>>      Currently it looks like in screenshot setup-otp-account-mgmt.png .
>>      Maybe we can at least change the label for "Device name" and also
>>      add another sentence to the help text?
>>
> One more point: At the bottom of the page for register TOTP, we possibly
> need the link "Try another way" or something like that. This link will
> be displayed just if user is currently trying to "Register 2nd factor
> credential" because he is required to do so, and he has some more
> alternative credential types to register (e.g. WebAuthn).
If the user is unable to complete the setup process he is stuck.  At the 
very least, the user needs somewhere to go back to.  You could make him 
start the login process over.  From there he might be able to choose a 
social login.

If "another way" is available then I agree that it should be provided as 
an option.

>
> Marek
>
>> Thanks,
>>
>> Marek
>>