UX Help welcome

shanedk

Well-known member
May 20, 2018
317
86
Well I think the selling feature depends on who you are.

[...]

If you're a nerd and/or technology lover, you may well have already used SSH, and SQRL is like a shinier version of the public/private key abilities already built into SSH.
I find it very easy to explain SQRL to cryptocurrency fans since a lot of the same concepts apply.
 

Gristle

Well-known member
Feb 16, 2019
341
70
I find it very easy to explain SQRL to cryptocurrency fans since a lot of the same concepts apply.
Totally. I actually find explaining SQRL easier than bitcoin, blockchain, etc. because SQRL solves a very common and obvious problem that people have whereas I am often asked "why would I want to use bitcoin over something like android pay?"
 
Mark_roudebush

Mar 12, 2019
17
4
San Francisco
mr-ux.com
It all boils down to what matters to the person. For me, the simplest thing I could say to excite a non-technical person is that SQRL logs into websites for you, and you don't need to remember or even create a username and password, and the sheer simplicity of logging in, literally just tapping login, and magic! You're logged in securely!

If that isn't enough to excite them, then I doubt anything else will. The wow factor is truly when they see it in action, so I firmly believe this will all be driven by word-of-mouth and press coverage.

When I compare this to "you should use a password manager, be sure to make different passwords for each site, and Oh! Also don't forget to use two factor authentication, but not SMS codes because those are insecure" their eyes glaze over in frustration.
That's so true. When your average person hears all of those added considerations yes "their eyes glaze over in frustration".
 

shanedk

Well-known member
May 20, 2018
317
86
I posted this on another thread, but it's a UX issue so I'll mention it here, too. I see absolutely no reason to have the notification clear the QuickPass. Tapping the notification should launch the app; as it is the user (uselessly, so it seems) has to go searching for the app to pull it up even though the notification is right there.

I just don't see the security advantage in letting people clear the QuickPass. Anything you're concerned about that might cause you to want to do that would also make you want to reboot the phone. The QuickPass is secure enough as long as it stays in protected memory, and I'm not sure of the reason for treating it like something that could go wrong at any second and needs a quick way of clearing it.

I say, let the notification launch the app instead of clearing the QuickPass.
 
  • Like
Reactions: sengsational

Dave

Well-known member
May 19, 2018
388
73
Gardner, MA
I posted this on another thread, but it's a UX issue so I'll mention it here, too. I see absolutely no reason to have the notification clear the QuickPass. Tapping the notification should launch the app; as it is the user (uselessly, so it seems) has to go searching for the app to pull it up even though the notification is right there.

I just don't see the security advantage in letting people clear the QuickPass. Anything you're concerned about that might cause you to want to do that would also make you want to reboot the phone. The QuickPass is secure enough as long as it stays in protected memory, and I'm not sure of the reason for treating it like something that could go wrong at any second and needs a quick way of clearing it.

I say, let the notification launch the app instead of clearing the QuickPass.
The notification for the Waze app has a close button on the notification; you can close the app from here, or otherwise tapping on the main part of the notification opens the app. So, assuming there is some reason to want it, you could have a similar operation.
 

kalaspuffar

Well-known member
May 19, 2018
269
91
Sweden
coderinsights.com
Hi @Mark_roudebush

This feature was discussed in another thread

And also over in the GitHub repo

We're leaning toward removing this feature in the future. The reference client doesn't have this indication and I've gotten user feedback that the feature is confusing and unnecessary.

Maybe we'll add a feature deep in the settings in the future to disable quickpass or clear quickpass.

Best regards
Daniel
 
  • Like
Reactions: Mark_roudebush

Dave

Well-known member
May 19, 2018
388
73
Gardner, MA
Hi @Mark_roudebush

This feature was discussed in another thread

And also over in the GitHub repo

We're leaning toward removing this feature in the future. The reference client doesn't have this indication and I've gotten user feedback that the feature is confusing and unnecessary.

Maybe we'll add a feature deep in the settings in the future to disable quickpass or clear quickpass.

Best regards
Daniel
I would like to cast a dissenting vote. The "QuickPass active" state is one in which the eternal and precarious security/convenience balance is knowingly and deliberately shifted in the direction of convenience and, conversely, ever-so-slightly away from security. And it is a transient state that reverts with no action or indication. So, personally, I feel that SOME indication of the fact that SQRL is in that state is entirely appropriate. If I am prompted for the full password when all I should have been expecting was the QuickPass prompt, that is a significant event!

I would even go so far as to argue that @Steve should update his client to change the SQRL system tray icon color to amber (with a corresponding hover text) to indicate when GRC's QuickPass is active.

Dave
 

shanedk

Well-known member
May 20, 2018
317
86
To be clear, it was never the notification I was complaining about. It's the fact that tapping it clears the QuickPass. In every other case, tapping the notification launches the app.
 
Mark_roudebush

Mar 12, 2019
17
4
San Francisco
mr-ux.com
Any progress @Mark_roudebush? Didn't know if you still needed concept layout design work or not, still on hold here.
Hi all, my sincerest apologies. I have had some family emergency come up and have been distracted. I keep thinking I will get back to SQRL and it consistently doesn't happen. I would still like to deliver some initial designs to you all but wanted to at least communicate where I was at.
 

kalaspuffar

Well-known member
May 19, 2018
269
91
Sweden
coderinsights.com
Hi @Mark_roudebush

Even though I'm waiting to see some results and I'm curious.

I am a father and I believe that family comes first so if you need to take your time then do so. If you feel that it will take months then I'll see if someone could help out but so far I think you and @FlorinaV have started up in a very structured and good way so I think the result could be really good if we take the time.

And in my mind, we have a working product we just don't have the wow factor that will make it appealing to the masses yet but then again marketing could solve that as we release a new UI in the future.

Best regards
Daniel
 

user51

New member
Feb 19, 2019
3
3
The "QuickPass active" state is one in which the eternal and precarious security/convenience balance is knowingly and deliberately shifted in the direction of convenience and, conversely, ever-so-slightly away from security.
I saw a little of the discussion on QuickPass above and I thought a little in the line of convenience vs security.

With the LastPass (an authority in security/convenience if you ask me) app for Android I only have to type a password about once a month because I use my fingerprint for authentication. When Steve designed the first SQRL client, fingerprint readers didn't come into question because they aren't widely integrated into desktop OSes, unlike Android. Couldn't we think of only requiring a password once a month when secrets are protected by Android's security device using fingerprint?

Keep up the great work Daniel!
 
  • Like
Reactions: silversword

kalaspuffar

Well-known member
May 19, 2018
269
91
Sweden
coderinsights.com
Hi @user51

If you put your quickpass timeout to a really large value you could have your fingerprint for auth for a really long time and only be required to use your password when the quickpass fails or is removed from memory.

Best regards
Daniel
 
  • Like
Reactions: user51

sengsational

Well-known member
Feb 17, 2019
115
34
If you put your quickpass timeout to a really large value you could have your fingerprint for auth for a really long time and only be required to use your password when the quickpass fails or is removed from memory.
This is what I've done, but due to testing and I think some Android app management, it gets knocked out quite often. Nothing that can't be addressed.
 

Simon9

Active member
Mar 13, 2019
43
4
This is what I've done, but due to testing and I think some Android app management, it gets knocked out quite often. Nothing that can't be addressed.
QuickPass getting cleared out might be due to 1. the amount of allowed background android apps (see related settings in the android Developer menu), 2. any RAM / cleanup / "optimizer" apps on the phone, 3. something more I just forgot ... and probably some things I don't know that I don't know, but that could also have the same effect :)
 
Mark_roudebush

Mar 12, 2019
17
4
San Francisco
mr-ux.com
Hey all, I'm sorry for falling off. Just as things in life start to look like I'll be able to focus fully on this, something else pops up. Now my work is pulling me in. I'm ramping up on some big things now at Google and won't be able to dedicate time. My desire to contribute here far outweighs my ability to own this. I was excited to work with you as well @FlorinaV but it sounds like you may have more time. If I can pop in from time to time and add value I certainly will. I want to see Steve's vision come to fruition.

There are some things I could add about the approach for SQRL UX imho...

- You all are very smart and see SQRL and its details in ways that the average person will not. The UX must meet people where they are or you will lose them in technical jargon that they just won't invest their energy in. We risk making common users feel like this isn't for them because it is too advanced and they will abort. Oversimplify (truly! think the old KISS mentality with the UX too), while potentially giving advanced users a way to the details (information) and devices (functionality) that they might need.
- Don't make this experience two apps. This was mentioned at one point. This will be a point of failure for the UX.
- I'm not sure what or how it would work, but I did have the idea that you could build an onboarding experience that pointed users to a SQRL new user site. The site would act as a demo they would sign into as their first experience but the information on the site, on arrival, during the process, and after logging in would help to give feedback to them and build confidence.
- There are many categories of challenges products have when designing for them and SQRL's is a mental model challenge. Mental model in the sense of can we explain why users should care about this and how it works in a very concise way that they get and trust. They need to be able to truly comprehend how this will merge with their existing solutions. How it fits into the ecosystem of password managers (whether or not they are using them).
- Now saying the challenge with how users perceive SQRL, I would really recommend testing. I would rev on language/nomenclature and interaction models and, even if it is loose and informal, do some consistent, measurable testing. Perhaps even some exploratory interviews with common users around how they think about the subject, related products, their own current behaviors.

I know, those are solutions but to design this, you have to frame up your challenges and these are just a few that I could see coming into the project.

Please feel free to @ me for anything and if I can jump in I will. I also don't want to step on @FlorinaV's toes if she is going to own this.

Side note, if anyone is going to be at Defcon this year, I'd love to meet you, share a beer or just say hi.

Best,

/m
 

kalaspuffar

Well-known member
May 19, 2018
269
91
Sweden
coderinsights.com
Hi @Mark_roudebush

Great to hear from you and sad that you got swamped with work. I know the feeling as I've been busy the last weeks and just recently got some time back. But there is still a lot to prepare before summer.

I'd be honored if you, @FlorinaV, would take over after Mark as you are well aware of the project. I have also heard that @silversword is eager to help so hopefully you could continue collaborating to create a good onboarding experience and user interface that appeals to a broader audience as Mark described above.

Best regards
Daniel