Should additional methods always be indicated as not completed?

[pkevan]

In the above screenshot, it would appear like it's expected (by the user) to have TOTP and backup codes - pretty sure it's expected that an additional backup method is set, but not two.

[StevenDufresne]

Ideally we have as many factors configured on an account.

However, we also received feedback during a walkthrough that the "x"'s icons were intense.

[pkevan]

Perhaps a non-red icon could be used to indicated Not configured rather than required.

[StevenDufresne]

We could move to the warning|info icon.

[StevenDufresne]

Here are some options:

@WordPress/meta-design Thoughts on updating the UI for yet-to-be-configured factors?

Option A

Option B

Option C

Option D

[jasmussen]

Two options:

These move the help-text to the right, adjusts it a little, and allow that help text to serve as confirmation or a prompt. With or without color can work.

Rather than using destructive red to imply you really should be using 2fa, I'd rather we increase the prominence of the suggestion text. A third option:

In the above mockups, there's a little less space used than what's shipping, so there should be room in the final version to make the text still more verbose, if need be.

[StevenDufresne]

I like those explorations. Thanks for the thoughtful takes.

I think the timing may not be right to make such a drastic change as most of our communication has gone out (recently) and it includes many screenshots of the current UI. I think the options you've presented do add some subtle and interesting improvements, but I think for now I would prefer we implement minimal changes while we help the remaining users configure their 2fa.

I'm inclined to just change the color and use a friendlier icon for now. @pkevan Thoughts?

[jasmussen]

A smaller change can work. I don't know the color change is really meaningful, though, I'd hade to see a red splotch next to a security key if I'm never going to add one.

[pkevan]

I'm inclined to just change the color and use a friendlier icon for now. @pkevan Thoughts?

I somehow wonder if we're attempting to do this wrong by putting everything on the same screen when in fact we want users to have 2 out of 3 setup? Should 2 Factor methods (key, totp, backup) be it's own screen?

Either way, we need it to be clear what is or isn't required, and anything with red or a x appears like we want more from the user, and you start reading Two Factor XXX and tune out as a user and look for the simplest path to compliance 😁

[StevenDufresne]

That's a good point, see https://github.com/WordPress/wporg-two-factor/issues/291.