Thanks Shane, I'm excited to see this coming together!
I'm forwarding to sync-dev as well to get more eyes on the experience at
this point.
Cheers,
Ryan
-------- Forwarded Message --------
Subject: Sync Signin Confirmation - testers needed!
Date: Thu, 19 May 2016 16:39:03 +0100
From: Shane Tomlinson <[email protected]>
To: dev-fxacct <[email protected]>, Peter DeHaan
<[email protected]>, Karl Thiessen <[email protected]>, Edwin Wong
<[email protected]>
Hey all!
Vijay, Phil and I are in the final stages of developing a new feature
called "signin confirmation."
Because Sync is such high value data, we want to be reasonably sure the
only person that can access the user's Sync account is the user
themselves. With signin confirmation, any time a user signs *in* to FxA
for access to Sync, they must re-verify their email. Every. Time. This
measure is a kind of 2FA without being full 2FA.
Each sign in to FxA for access to Sync will act similar to a user who
signs up for a new account. The user will see a new screen that says
"For additional security, you must verify your email." They will receive
a new email that has security messaging. Once they click the link in the
email, the browser will start syncing.
We have come to a point where the bulk of the heavy lifting is complete
and we need to test in earnest.
I have set up an AWS stack that can be used to test all the Foxes.
https://confirm-signin.dev.lcip.org/
I have a handy user.js file that can be used for Firefox Desktop [1].
I am working on a test doc at [2], though this contains a lot of
information you will be unable to test without a full local development
stack.
What we need help with:
* Ensure you can sign up and in to Sync. Signing in will require an
additional email verification.
* Ensure the screens and emails you receive make sense.
* Ensure Sync does not start until *after* you click the verification
link in the email.
* Ensure you can reset your password.
* Ensure you can change your password.
* Testing on Fennec and Fx for iOS.
Any issues can be reported to me, or as Github issues in [3].
Thanks,
Shane
[1] -
https://gist.github.com/shane-tomlinson/4b15926babda1804f43b70885d3dfa0d
[2] -
https://docs.google.com/document/d/1ztLvUs6fK6h2ump6FWBXw2-7CyXYcC39zd10t1VdDQc
[3] - https://github.com/mozilla/fxa-content-server/issues/new
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
