User:Dasch/Firefox/Authentication Dialog: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 1: | Line 1: | ||
The current HTTP and FTP authentication dialogs have several | The current HTTP and FTP authentication dialogs in Mozilla Firefox have several issues with their user interfaces. | ||
== | == Issues with the current user interface == | ||
=== Dialog title === | |||
Currently, the title of the dialogs is "Prompt", which is hardly helpful. "Authenticate" should be used instead. | |||
=== Dialog icon === | |||
The question mark inside the speech bubble doesn't really reflect the nature of an authentication dialog. A set of keys or a padlock seem like much better candidates. | |||
=== Password Manager === | |||
Why should the user know that the Password Manager is remembering the password? Why not just "Remember this password"? | |||
=== Button labels === | |||
101 usability says that "OK" isn't the best text to put on a button. "Authenticate" is better. | |||
=== Unencrypted transmission of username & password === | |||
Currently, the user is not warned of the dangers of submitting his username and password unencrypted (e.g. HTTP Basic). This may be fine for random websites, but the user should be able to expect more from Firefox's own user interface. | |||
Having a message pop up when using HTTP Basic will give at least some level of awareness to the user. | |||
== Suggested user interface == | |||
=== HTTP Authentication === | |||
==== Not Basic ==== | |||
.-----------------------------------------------. | |||
| @@ Enter username and password for TestRealm | | |||
| @@ on intranet.example.com | | |||
| | | |||
| Username: [_____________________________] | | |||
| Password: [_____________________________] | | |||
| [x] Remember this password | | |||
| | | |||
| [ Authenticate ] [ Cancel ] | | |||
'-----------------------------------------------' | |||
==== Basic ==== | |||
.-----------------------------------------------. | |||
| @@ Enter username and password for TestRealm | | |||
| @@ on intranet.example.com | | |||
|-----------------------------------------------| | |||
| @ *Warning:* your username and password will | | |||
| be sent in an insecure manner! | | |||
|-----------------------------------------------| | |||
| | | |||
| Username: [_____________________________] | | |||
| Password: [_____________________________] | | |||
| [x] Remember this password | | |||
| | | |||
| [ Authenticate ] [ Cancel ] | | |||
'-----------------------------------------------' | |||
The warning message could also go another place | |||
.-----------------------------------------------. | |||
| @@ Enter username and password for TestRealm | | |||
| @@ on intranet.example.com | | |||
| | | |||
| Username: [_____________________________] | | |||
| Password: [_____________________________] | | |||
| [x] Remember this password | | |||
| | | |||
|-----------------------------------------------| | |||
| @ *Warning:* your username and password will | | |||
| be sent in an insecure manner! | | |||
|-----------------------------------------------| | |||
| [ Authenticate ] [ Cancel ] | | |||
'-----------------------------------------------' | |||
Revision as of 12:07, 8 April 2006
The current HTTP and FTP authentication dialogs in Mozilla Firefox have several issues with their user interfaces.
Issues with the current user interface
Dialog title
Currently, the title of the dialogs is "Prompt", which is hardly helpful. "Authenticate" should be used instead.
Dialog icon
The question mark inside the speech bubble doesn't really reflect the nature of an authentication dialog. A set of keys or a padlock seem like much better candidates.
Password Manager
Why should the user know that the Password Manager is remembering the password? Why not just "Remember this password"?
Button labels
101 usability says that "OK" isn't the best text to put on a button. "Authenticate" is better.
Unencrypted transmission of username & password
Currently, the user is not warned of the dangers of submitting his username and password unencrypted (e.g. HTTP Basic). This may be fine for random websites, but the user should be able to expect more from Firefox's own user interface.
Having a message pop up when using HTTP Basic will give at least some level of awareness to the user.
Suggested user interface
HTTP Authentication
Not Basic
.-----------------------------------------------. | @@ Enter username and password for TestRealm | | @@ on intranet.example.com | | | | Username: [_____________________________] | | Password: [_____________________________] | | [x] Remember this password | | | | [ Authenticate ] [ Cancel ] | '-----------------------------------------------'
Basic
.-----------------------------------------------. | @@ Enter username and password for TestRealm | | @@ on intranet.example.com | |-----------------------------------------------| | @ *Warning:* your username and password will | | be sent in an insecure manner! | |-----------------------------------------------| | | | Username: [_____________________________] | | Password: [_____________________________] | | [x] Remember this password | | | | [ Authenticate ] [ Cancel ] | '-----------------------------------------------'
The warning message could also go another place
.-----------------------------------------------. | @@ Enter username and password for TestRealm | | @@ on intranet.example.com | | | | Username: [_____________________________] | | Password: [_____________________________] | | [x] Remember this password | | | |-----------------------------------------------| | @ *Warning:* your username and password will | | be sent in an insecure manner! | |-----------------------------------------------| | [ Authenticate ] [ Cancel ] | '-----------------------------------------------'