I dislike having to ask the user to do the same thing multiple times - that's tedious and (I think) on the verge of insulting.
I do like the idea of presenting it in multiple parts, with say the last 3/4 ths blurred unintelligibly, then the first 1/4 and last 1/2, etc. You get a four-part question, but the user doesn't see it as the same question. -tom On 10 March 2014 10:08, Stefan Birgmeier <[email protected]> wrote: > > On 10/03/14 17:44, Daniel Kahn Gillmor wrote: >> >> Hi folks-- >> >> Thinking about Tom's proposed usability testing gave me another idea for >> a fingerprint comparison UI, which i wanted to float here. It might be >> a terrible idea. >> >> I think we all agree that fingerprint transcription is more effective at >> avoiding a false match than comparison with "click OK" -- but >> transcription is also more tedious, prone to human error, and more time >> consuming. >> >> I wonder if it's possible to split the difference from a UI/UX >> perspective somehow. >> >> For example, if the application knows that the user is in a use case >> where the user is trying to compare the current connection's fingerprint >> with something they have received out of band, rather than displaying >> the actual fingerprint received on the wire, the UI could display >> several candidate fingerprints and have them choose the correct one from >> the set, like a police lineup. This could even be done more than once, >> with the "correct" print listed in each of them (or with "the >> fingerprint is not listed here" as an option). >> >> Care would have to be taken to present only subtle variations, or to >> include the "not listed here" option with greater regularity, or to >> present several pages of different choices so that people have to >> consider each of them. We want to avoid the "oh, it's the one that >> starts with 6" response. >> >> Do you think this UX would be an improvement over either "click OK >> comparison" or complete transcription? Could we make it less tedious >> than transcription, but more secure than "click the OK button to get >> this out of my way and let me get to work" experience? >> >> What kind of security properties would this hybrid UX have? >> >> --dkg >> > Hi, > > Maybe split the fingerprint into several parts (like 4), and do as suggested > with the parts? That would maybe make it less tedious. It also makes it more > suitable for mobile devices since the screens are not that wide. Your > proposal sounds good for mobile devices - you do not have to use a virtual > keyboard to type in the fingerprint while avoiding the let's-just-click-ok > scenario. > > Stefan > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
