nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0

Settings UX sometimes strange or even dangerous #314

Open rugk opened 7 years ago

rugk commented 7 years ago

Just some screenshots for inspiration:

In the share menu: [screenshot]

I have no idea what these buttons mean. When I want to generate a new key, do I have to press "generate key" first, then "save key", and before everything maybe select my key size first? Secondly, after doing so (which I assume is the right process, but not everyone may think so and may, e.g., only press "generate key" or so), the key-size option jumps back to "2048bit", so it seems there is no "status" that shows me how long the key, which is shown there in plain text, actually is. Maybe this also confused me in https://github.com/nextcloud/passman/issues/311#issuecomment-307336281

Thirdly, you maybe do not want to show the private key at all if users do not need to copy it. Actually, an attacker could trick less technical users into copying this private key with some social engineering. There is no warning, and users not knowing RSA/the concept of public key crypto do not know that this may leak all their passwords (or does it not do so?).

Maybe one button, "regenerate key", which automatically saves the key, would be enough?

In the password settings: [screenshot]

First, maybe you should change the text to "password generation" or "default password settings", as it of course does not affect already saved passwords. Secondly, here is a save button, whereas in all other panes (except the one described before) there is no such button.

In Nextcloud it actually seems to be the default to save changes instantly without clicking any button and maybe only notify the user that it has been saved/was changed/etc. You seem to do it quite differently here, which is not good IMHO. Okay, maybe it is good when seeing things like password changing (which should not be done automatically), but it is still quite strange. Maybe better to make a general save button, which saves all changes in all settings tabs.

Also this inconsistency: https://github.com/nextcloud/passman/issues/313

elioqoshi commented 7 years ago

Thanks @rugk, I will have a look at this as soon as I can.