I find it very easy to explain SQRL to cryptocurrency fans since a lot of the same concepts apply.
UX Help welcome
- Thread starter kalaspuffar
- Start date
- Watchers 14
I find it very easy to explain SQRL to cryptocurrency fans since a lot of the same concepts apply.
G
Gristle
Guest
Totally. I actually find explaining SQRL easier than bitcoin, blockchain, etc. because SQRL solves a very common and obvious problem that people have whereas I am often asked "why would I want to use bitcoin over something like android pay?"
That's so true. When your average person hears all of those added considerations yes "their eyes glaze over in frustration".
Agreed, and I think those are a good part of the early SQRL adopters.The low hanging fruit.
I posted this on another thread, but it's a UX issue so I'll mention it here, too. I see absolutely no reason to have the notification clear the QuickPass. Tapping the notification should launch the app; as it is the user (uselessly, so it seems) has to go searching for the app to pull it up even though the notification is right there.
I just don't see the security advantage in letting people clear the QuickPass. Anything you're concerned about that might cause you to want to do that would also make you want to reboot the phone. The QuickPass is secure enough as long as it stays in protected memory, and I'm not sure of the reason for treating it like something that could go wrong at any second and needs a quick way of clearing it.
I say, let the notification launch the app instead of clearing the QuickPass.
I just don't see the security advantage in letting people clear the QuickPass. Anything you're concerned about that might cause you to want to do that would also make you want to reboot the phone. The QuickPass is secure enough as long as it stays in protected memory, and I'm not sure of the reason for treating it like something that could go wrong at any second and needs a quick way of clearing it.
I say, let the notification launch the app instead of clearing the QuickPass.
The notification for the Waze app has a close button on the notification you can close the app from here or otherwise tapping on the main part of the notification opens the app. So, assuming there is some reason to want it, you could have a similar operations.
Hi @Mark_roudebush
This feature was discussed in another thread
And also over in the GitHub repo
github.com
We're leaning at removing this feature in the future. The reference client doesn't have this indication and I've gotten user feedback that the feature is confusing and unnecessary.
Maybe we'll add a feature deep in the settings in the future to disable quickpass or clear quickpass.
Best regards
Daniel
This feature was discussed in another thread
And also over in the GitHub repo
Tap the status bar icon to scan QR code · Issue #288 · kalaspuffar/secure-quick-reliable-login
Tap the status bar icon to scan QR code Short description of the feature Give the user the ability to tap the quickpass status bar icon to go directly to scanning. Use cases After the user has enab...
github.com
We're leaning at removing this feature in the future. The reference client doesn't have this indication and I've gotten user feedback that the feature is confusing and unnecessary.
Maybe we'll add a feature deep in the settings in the future to disable quickpass or clear quickpass.
Best regards
Daniel
I would like to cast a dissenting vote. The "QuickPass active" state is one in which the eternal and precarious security/convenience balance is knowingly and deliberately shifted in the direction of convenience and, conversely, ever-so-slightly away from security. And it is a transient state that reverts with no action or indication. So, personally, I feel that SOME indication of the fact that SQRL is in that state is entirely appropriate. If I am prompted for the full password when all I should have been expecting was the QuickPass prompt, that is a significant event!Hi @Mark_roudebush
This feature was discussed in another thread
And also over in the GitHub repo
Tap the status bar icon to scan QR code · Issue #288 · kalaspuffar/secure-quick-reliable-login
Tap the status bar icon to scan QR code Short description of the feature Give the user the ability to tap the quickpass status bar icon to go directly to scanning. Use cases After the user has enab...
We're leaning at removing this feature in the future. The reference client doesn't have this indication and I've gotten user feedback that the feature is confusing and unnecessary.
Maybe we'll add a feature deep in the settings in the future to disable quickpass or clear quickpass.
Best regards
Daniel
I would even go so far as to argue that @Steve should update his client to change the SQRL system tray icon color to amber (with a corresponding hover text) to indicate when GRC's QuickPass is active.
Dave
Any progress @Mark_roudebush ? Didn't know if you still needed concept layout design work or not, still on hold here.
Hi all, my sincerest apologies. I have had some family emergency come up and have been distracted. I keep thinking I will get back to SQRL and consistently doesn't happen. I would still like to deliver some initial designs to you all but wanted to at least communicate where I was at.
Hi @Mark_roudebush
Even though I'm waiting to see some results and I'm curious.
I am a father and I believe that family comes first so if you need to take your time then do so. If you feel that it will take months then I'll see if someone could help out but so far I think you and @FlorinaV have started up in a very structured and good way so I think the result could be really good if we take the time.
And in my mind, we have a working product we just don't have the wow factor that will make it appealing to the masses yet but then again marketing could solve that as we release a new UI in the future.
Best regards
Daniel
Even though I'm waiting to see some results and I'm curious.
I am a father and I believe that family comes first so if you need to take your time then do so. If you feel that it will take months then I'll see if someone could help out but so far I think you and @FlorinaV have started up in a very structured and good way so I think the result could be really good if we take the time.
And in my mind, we have a working product we just don't have the wow factor that will make it appealing to the masses yet but then again marketing could solve that as we release a new UI in the future.
Best regards
Daniel
I saw a little of the discussion on QuickPass above and I thought a little in the line of convenience vs security.
With the Lastpass (an authority in security/convience if you ask me) app for Android I only have to type a password about once a month because I use my fingerprint for authentication. When Steve designed the first SQRL client, fingerprint readers didn't come into question because they aren't widely integrated into desktop OS', unlike Android. Couldn't we think of only requiring a password once a month when secrets are protected by Andoid's security device using fingerprint?
Keep up the great work Daniel!
This is what I've done, but due to testing and I think some Android app management, it gets knocked out quite often. Nothing that can't be addressed.
QuickPass getting cleared out might be due to 1. the amount of allowed background android apps (see related settings in the android Developer menu), 2. any RAM / cleanup / "optimizer" apps on the phone, 3. something more I just forgot ... and probably some things I don't know that I don't know, but that could also have the same effect
Hey all, I'm sorry for falling off. Just as things in life start to look like I'll be able to focus fully on this, something else pops up. Now my work is pulling me in. I'm ramping up on some big things now at Google and won't be able to dedicate time. My desire to contribute here far outweighs my ability to own this. I was excited to work with you as well @FlorinaV but it sounds like you may have more time. If I can pop in from time to time and add value I certainly will. I want to see Steve's vision come to fruition.
There are some things I could add about the approach for SQRL UX imho...
- You all are very smart and see SQRL and its details in ways that the average person will not. The UX must meet people where they are or you will lose them in technical jargon that they just won't invest their energy in. We risk making common users feel like this isn't for them because it is too advanced and they will abort. Oversimplify (truly! think the old KISS mentality with the UX too), while potentially giving advanced users a way to the details (information) and devices (functionality) that they might need.
- Don't make this experience two apps. This was mentioned at one point. This will be a point of failure for the UX.
- I'm not sure what or how it would work, but I did have the idea that you could build an onboarding experience that pointed users to a SQRL new user site. The site would act as a demo they would sign into as their first experience but the information on the site, on arrival, during the process, and after logging in would help to give feedback to them and build confidence.
- There are many categories of challenges products have when designing for them and SQRLs is a mental model challenge. Mental model in the sense of can we explain why users should care about this and how it works in a very concise way that they get and trust. They need to be able to truly comprehend how this will merge with their existing solutions. How it fits into the ecosystem of password managers (whether or not they are using them).
- Now saying the challenge with how users perceive SQRL, I would really recommend testing. I would rev on language/ nomenclature and interaction models and, even if it is loose and informal do some consistent, measurable testing. Perhaps even some exploratory interviews with common users around how they think about the subject, related products, their own current behaviors.
I know, those are solutions but to design this, you have to frame up your challenges and these are just a few that I could see coming into the project.
Please feel free to @ me for anything and if I can jump in I will. I also don't want to step on @FlorinaV's toes if she is going to own this.
Side note, if anyone is going to be at Defcon this year, I'd love to meet you, share a beer or just say hi.
Best,
/m
There are some things I could add about the approach for SQRL UX imho...
- You all are very smart and see SQRL and its details in ways that the average person will not. The UX must meet people where they are or you will lose them in technical jargon that they just won't invest their energy in. We risk making common users feel like this isn't for them because it is too advanced and they will abort. Oversimplify (truly! think the old KISS mentality with the UX too), while potentially giving advanced users a way to the details (information) and devices (functionality) that they might need.
- Don't make this experience two apps. This was mentioned at one point. This will be a point of failure for the UX.
- I'm not sure what or how it would work, but I did have the idea that you could build an onboarding experience that pointed users to a SQRL new user site. The site would act as a demo they would sign into as their first experience but the information on the site, on arrival, during the process, and after logging in would help to give feedback to them and build confidence.
- There are many categories of challenges products have when designing for them and SQRLs is a mental model challenge. Mental model in the sense of can we explain why users should care about this and how it works in a very concise way that they get and trust. They need to be able to truly comprehend how this will merge with their existing solutions. How it fits into the ecosystem of password managers (whether or not they are using them).
- Now saying the challenge with how users perceive SQRL, I would really recommend testing. I would rev on language/ nomenclature and interaction models and, even if it is loose and informal do some consistent, measurable testing. Perhaps even some exploratory interviews with common users around how they think about the subject, related products, their own current behaviors.
I know, those are solutions but to design this, you have to frame up your challenges and these are just a few that I could see coming into the project.
Please feel free to @ me for anything and if I can jump in I will. I also don't want to step on @FlorinaV's toes if she is going to own this.
Side note, if anyone is going to be at Defcon this year, I'd love to meet you, share a beer or just say hi.
Best,
/m
Hi @Mark_roudebush
Great to hear from you and sad that you got swamped with work. I know the feeling as I've been busy the last weeks and just recently got some time back. But there is still a lot to prepare before summer.
I'd be honored if you, @FlorinaV, would take over after Mark as you are well aware of the project. I have also heard that @silversword is eager to help so hopefully you could continue collaborating to create a good onboarding experience and user interface that appeals to a broader audience as Mark described above.
Best regards
Daniel
Great to hear from you and sad that you got swamped with work. I know the feeling as I've been busy the last weeks and just recently got some time back. But there is still a lot to prepare before summer.
I'd be honored if you, @FlorinaV, would take over after Mark as you are well aware of the project. I have also heard that @silversword is eager to help so hopefully you could continue collaborating to create a good onboarding experience and user interface that appeals to a broader audience as Mark described above.
Best regards
Daniel