Open roycewilliams opened 6 years ago
conorgil
commented
6 years ago Thanks for the issue @roycewilliams! Text real estate is pretty limited in the notification popup, but I'm sure we can craft some specific messaging for users who want more details there.
Did you have any particular wording in mind?
Maybe, if you configure it to do this, it could say something like "Hey! This site supports security keys!"?
roycewilliams
commented
6 years ago Whatever makes the most sense for the available space. If it's hard to cram it into the available space, no worries. :) Since more than one kind of 2FA can be available, finding a compact way to express them all could be very informative.
Brainstorming some "Hey! This site supports 2FA (thing)" combos ...
(hard tokens) (hard and soft tokens) (soft tokens)
or
(TOTP) (SMS, TOTP) (TOTP, U2F) (TOTP, U2F/FIDO2)
or
(security keys) (soft tokens) (soft tokens, custom hard tokens) (soft tokens, security keys)
Though with the latter, the distinction between security keys and custom hard tokens (such as those directly provided by some financial institutions) is important to know.
The geek in me wants the second option, since it is quite precise. But I can see where these terms won't have meaning for many users. That being said, it might actually be a good solution, since for the general user, just knowing that there's 2FA at all is the key issue, and they can refer to the site help page or twofactorauth.org for more detail. In other words, "Hey! This site supports 2FA (TOTP, U2F)" may be the sweet spot for both new and experienced users.
conorgil
commented
6 years ago
Related to #80, but instead of filtering, just including what kind of 2FA is available in the popup.