On 7/26/2013 1:48 PM, Asa Dotzler wrote:
On 7/26/2013 1:14 PM, Mark Finkle wrote:
I worry about this approach in that Firefox does not know my Facebook
password unless I ask Firefox to save it. Even then, just because I
save my password in Firefox does not mean I want Firefox to
auto-login to services using that password. What if I save three
different passwords for three different usernames in my Firefox?
We should be more explicit about password usage and logging into
services.
If we think we can use Firefox stored credentials to smooth the flow,
(I do) I think we should definitely explore this further.
We need two things from a user to make Sync go. We need a verified
email address and we need a password. We need the email address for
all future account management (and for use as a auth username) and we
need a password so the user can securely auth additional devices.
Let's presume that at Sync Sign Up we ask the user for an email
address and a Sync password and they give us [email protected]
their Yahoo password. Now, we've got the two things we need from a
user, a verified email address and a password. The email ownership is
verified by the password manager or some quiet lookup we do with those
credentials because the password manager match gave us enough
confidence to do a potentially expensive lookup. The password happens
to be the user's Yahoo password and not a Firefox Sync specific
password but there's not much we can do to try to stop that. It's
gonna happen for enough of our users that discouraging it seems
counter-productive and not utilizing it when the user does give it to
us seems wasteful and user-hostile.
So, the user has given us what we need to go. Why would we ask the
user to jump through any further hoops? This could bring the
experience to "parity" with our competitors who already have hundreds
of millions of user accounts.
- A
Or, put more precisely. If we can eliminate (or maybe even simply delay)
the email dance for Sync sign up for even a fraction of users, I think
we should push hard to make that happen.
I know some people think it's crazy, but this is really the user
experience I want.
+------------------------------------------------------------------+
| |
| Create a Firefox Account |
| |
| +------------------------------------------+ |
| | | |
| | Your email address | |
| | +-------------------------------------+ | |
| | | | | |
| | +-------------------------------------+ | |
| | | |
| | Choose a password | |
| | +-------------------------------------+ | |
| | | | | |
| | +-------------------------------------+ | |
| | | |
| | +-------------------+ | |
| | | Create my account | or Sign in | |
| | +-------------------+ | |
| | | |
| +------------------------------------------+ |
| |
+------------------------------------------------------------------+
When the user hits the Create my account button, that's it. Stuff starts
syncing.
If the user has to do any more than this, we're failing.
We're probably not going to get to this ease of use for all of our Sync
signer uppers but if we can for a significant number of them based on
Firefox stored credentials, I think it's definitely worth a serious
exploration.
- A
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
