FxA Flows

Chris Karlof ckarlof at mozilla.com
Mon Nov 11 11:35:38 PST 2013


On Nov 11, 2013, at 10:23 AM, Ryan Feeley <rfeeley at mozilla.com> wrote:
> 
> Beyond that (and Chris tells me not to make UX decisions based on my assumption of what makes good security), other sites probably keep these flows separate so that users' accounts are not exposed. Most sites use “invalid email/password” messaging because saying “you got the email right, but the password is wrong” is helpful for attackers.

Ryan, I love that you are interested in security UI design and I don't want to discourage you. This issue is complex and it's not easy to hide whether a user has an account with us. It's a leaky sieve, and locking down all the holes might introduce unfortunate UX compromises. 

For example,

Google gives you a 

The username or password you entered is incorrect.

to disguise whether the username exists or not when you try to log in, but they'll reveal whether a given account exists or not here:

https://accounts.google.com/SignUp?

Type in your existing username and they'll tell you right away whether that username is claimed or not:

Someone already has that username. Try another?

However, the sign in and sign up flows will have different rates so we can throttle them differently. 

I've re-opened the issue with engineering, so we can discuss further:

https://github.com/mozilla/picl-idp/issues/134

You might also check out pg 22 of:

http://www.jbonneau.com/doc/BP10-WEIS-password_thicket.pdf

-chris

> Because you may be syncing your saved passwords, we need to “take care of you” like we promised in our Firefox Design Values.
> 
> To be honest, I hope we can do more before we begin syncing passwords.
> 
> Thoughts?
> 
> 
> On Nov 8, 2013, at 4:39 PM, Francis Djabri <fdjabri at mozilla.com> wrote:
> 
>> 
>> Hi, 
>> 
>> Yes, that was the logic we used for the flow initially, with the ultimate goal that the user could sign in with just their email if using Persona. 
>> 
>> Francis 
>> 
>> 
>> On Nov 8, 2013, at 10:40 AM, Maureen Hanratty <mhanratty at mozilla.com> wrote:
>> 
>>> I thought part of the reason to separate the email entry from the password (rather than putting it into one form) was that in the event the user did have an account but didn't know about it we could detect that and on the second screen with the password entry tell them, "Looks like you already have an account. Type your password." This was the logic we used when coming up with the sign in flow for payments.
>>> 
>>> On Nov 8, 2013, at 7:51 AM, Ryan Feeley <rfeeley at mozilla.com> wrote:
>>> 
>>>> On Nov 7, 2013, at 6:00 PM, Chris Karlof <ckarlof at mozilla.com> wrote:
>>>> 
>>>>> 1) Why the separate email and password entry for account creation and signup? Why are we so special that we need to do it differently from everyone else? Can we combine those into a single form?
>>>> 
>>>> 
>>>> Like this? http://cl.ly/image/471i2s0k3g0J
>>>> 
>>>> Ryan Feeley
>>>> Product Designer, Identity
>>>> Mozilla UX
>>>> IRC: rfeeley
>>>> 
>>>> _______________________________________________
>>>> Dev-fxacct mailing list
>>>> Dev-fxacct at mozilla.org
>>>> https://mail.mozilla.org/listinfo/dev-fxacct
>>> 
>> 
> 
> Ryan Feeley
> Product Designer, Identity
> Mozilla UX
> IRC: rfeeley
> 
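
The two points in Chris's reply, a single generic message on sign-in and separate sign-in and sign-up flows that are throttled at different rates, sketched as a small Python server. This is an added example, not code from the thread or from picl-idp; the FlowThrottle limits, the in-memory account store and the client keys are constructed for the illustration.

```python
import time
from collections import defaultdict

GENERIC_LOGIN_ERROR = "The username or password you entered is incorrect."
SIGNUP_TAKEN = "Someone already has that username. Try another?"
THROTTLED = "Too many attempts. Try again later."


class FlowThrottle:
    """Sliding-window counter keyed by (flow, client); each flow has its own limit."""

    def __init__(self, limits, window=60.0, clock=time.monotonic):
        self.limits = limits        # e.g. {"signin": 10, "signup": 3} attempts per window
        self.window = window
        self.clock = clock          # injectable so tests can advance time deterministically
        self.hits = defaultdict(list)

    def allow(self, flow, client):
        now = self.clock()
        bucket = self.hits[(flow, client)]
        bucket[:] = [t for t in bucket if now - t < self.window]
        if len(bucket) >= self.limits[flow]:
            return False
        bucket.append(now)
        return True


class AuthServer:
    """Toy account store, constructed for the example (a real server keeps salted hashes)."""

    def __init__(self, throttle):
        self.throttle = throttle
        self.accounts = {}          # email -> password

    def signin(self, client, email, password):
        if not self.throttle.allow("signin", client):
            return (429, THROTTLED)
        # Same message for "no such account" and "wrong password": sign-in stays silent
        # about which emails have accounts.
        if self.accounts.get(email) != password:
            return (401, GENERIC_LOGIN_ERROR)
        return (200, "ok")

    def signup(self, client, email, password):
        if not self.throttle.allow("signup", client):
            return (429, THROTTLED)
        # Sign-up has to say whether the email is taken; the tighter signup limit
        # bounds how fast that answer can be collected.
        if email in self.accounts:
            return (409, SIGNUP_TAKEN)
        self.accounts[email] = password
        return (200, "created")
```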
