Closed
Bug 1198418
Opened 9 years ago
Closed 7 years ago
[meta] Local authentication Touch ID / Passcode support
Categories
(Firefox for iOS :: Login Management, enhancement)
Tracking
()
RESOLVED
FIXED
People
(Reporter: aaronmt, Unassigned)
References
Details
(Keywords: meta, privacy)
Attachments
(2 files, 2 obsolete files)
TouchIDPasscode.png
We should look into how we can explore the value of adding local authentication (touch ID) support in the browser on Apple devices with this support
Some ideas
* via Private Browsing tab access
* general browser access
|
||
Comment 1•9 years ago
|
||
Perhaps most obviously:
* Before form-filling passwords.
|
||
Comment 2•9 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #1)
> Perhaps most obviously:
>
> * Before form-filling passwords.
^ That was my first thought when Aaron mentioned it in #mobile.
I can't see a benefit from general browser access. Private Browsing, certainly.
|
|
||
Comment 3•9 years ago
|
||
+ Logins management
|
|
||
Comment 4•9 years ago
|
||
Touch ID & Passcode flow for Logins and Private Browsing instances.
|
||
Comment 5•9 years ago
|
||
:tecgirl/:mpopova, would it make sense to create a separate AHA card for this? It's related to both private browsing and password management but I see it as a separate thing.
Flags: needinfo?(randersen)
|
|
||
Comment 6•9 years ago
|
||
Yes, this needs its own Aha! card. A card for Master Password exists (https://mozilla.aha.io/features/FIOS-208) but this is beyond that. I don't have the permissions so I'll leave it up to Maria.
Flags: needinfo?(randersen)
|
|
||
Updated•9 years ago
|
Summary: Explore local authentication Touch ID support → [meta] Local authentication Touch ID / Passcode support
|
|
||
Comment 7•9 years ago
|
||
Attachment #8699559 -
Flags: review?(rnewman)
Attachment #8699559 -
Flags: review?(randersen)
|
|
||
Comment 8•9 years ago
|
||
Oops - realized this is attached to the meta bug not the strings bug. Updating.
|
|
||
Updated•9 years ago
|
Attachment #8699559 -
Attachment is obsolete: true
Attachment #8699559 -
Flags: review?(rnewman)
Attachment #8699559 -
Flags: review?(randersen)
|
|
||
Updated•9 years ago
|
Assignee: nobody → sleroux
Status: NEW → ASSIGNED
|
|
||
Comment 9•9 years ago
|
||
I notice in the mocks that we have a section that allows the user to configure areas of the app where Touch ID can be used. How does this configuration work for passcode and not touch ID?
Flags: needinfo?(randersen)
|
|
||
Comment 10•9 years ago
|
||
(In reply to Stephan Leroux [:sleroux] from comment #9)
> I notice in the mocks that we have a section that allows the user to
> configure areas of the app where Touch ID can be used. How does this
> configuration work for passcode and not touch ID?
My initial reasoning is that passcode must be enabled prior to using Touch ID. So, by default passcode covers both instances for users that don't have Touch ID. My concern was for the user who may have a Touch ID device, but choose not to enable the feature, therefore not allowing them to choose which area of the app to protect (all or nothing).
To simplify this, let's just the a toggle to enable Touch ID, and only apply it for Logins Management at this point. I'll attach an updated screen.
Flags: needinfo?(randersen)
|
|
||
Comment 11•9 years ago
|
||
Possible new string:
[Require Passcode]
Updated string:
[Use Touch ID] (was [Use Touch ID for])
|
|
||
Comment 12•9 years ago
|
||
I've been working on the passcode input screens for creating, changing, and validation of a passcode and I think we might be missing some strings for the screens to make sense.
For example, when changing a passcode, I assume that we would want to ask the user to input their old passcode and then ask them to enter a new one. The current copy we have available are:
1. 'Enter a passcode'
2. 'Re-enter passcode'
3. 'Turn off your passcode.'
4. 'Set Passcode'
5. 'Turn Passcode On'
6. 'Turn Passcode Off'
Ideally for these states we would want to ask the user 'Enter your passcode' then 'Enter a new passcode' in the case of changing your passcode.
Another thing that we probably want to include is some copy/UX for error states. For example, when using the system passcode UI, they display a red bubble with text indicating number of attempts. Not sure if this is something we want to do but one slightly confusing thing is if the user enters their passcode and fails to match it in the confirmation screen, we don't have any copy or UI to indicate to the user that the passcodes didn't match. On the branch where I have the passcode screen built I'm just scrolling the user back to the previous input screen.
Anyways I'm worried that this late in development with strings being frozen that we might not be able properly convey to the user the interactions of the passcode screens. I'm thinking this may need to be pushed to a follow up (2.1/3.0) release.
Thoughts?
Flags: needinfo?(sarentz)
Flags: needinfo?(randersen)
|
|
||
Comment 13•9 years ago
|
||
We don't necessarily need to tell the user how many times they're allowed to attempt, but we may need strings and a course of action if X-attempts are made and if they don't match.
For excessive attempts:
"Maximum attempts reached, signing you out of Firefox Sync"
(that way, they can sign back in to sync to begin the process again)
For mismatched passcodes:
"Passcodes didn't match. Try again."
(shown on the passcode entry screen)
Flags: needinfo?(randersen)
|
|
||
Comment 14•9 years ago
|
||
I did some research on the LocalAuthentication API used for Touch ID and have found out the following:
1. Allowing users to use Touch ID in our app is pretty straight forward. If the user has setup Touch ID and everything is working fine, we can simply provide a system-provided prompt asking the user to authenticate with their finger and know when it passed/failed.
2. There are a variety of errors that can occur when using Touch ID [1]. A few of them are simple to handle (UserCancelled) but others would require some copy to give feedback to the user about why it failed. This copy is not provided by the system.
3. Touch ID has the ability to 'fallback' onto another form of authentication. This fallback mechanism is a custom authentication scheme provided by the app developer. For example, account login password or custom passcodes. The system does not provide a default for a fallback.
Regarding 2.0 feasibility, even going with the Touch ID route we would need additional copy to convey errors to the user which would require new strings. For post-2.0 implementations, we can provide a custom passcode solution but this would not solve the forgotten passcode dilemma. A simple solution we could do for a fallback is to:
1. Require users who want to use Touch ID/Authentication to access logins/private browsing to use a FxA account.
2. Use the FxA sign in as the fallback authentication mechanism.
This solution would leverage the existing infrastructure for FxA account management. I'm not sure how that process works but we can include tie-ins with the app such as launching the forgot password pane or invoke the API to reset the password.
[1] https://developer.apple.com/library/ios/documentation/LocalAuthentication/Reference/LAContext_Class/index.html#//apple_ref/c/tdef/LAError
|
||
Comment 15•9 years ago
|
||
We should stick to the original plan of local passcode and optional touch id for those folks who have supporting device.
Flags: needinfo?(sarentz)
|
|
||
Comment 16•9 years ago
|
||
I think we are over-complicating this. Here are some thoughts:
First, a user *always* needs to set a passcode.(In reply to Robin Andersen [:tecgirl] from comment #13)
> We don't necessarily need to tell the user how many times they're allowed to
> attempt, but we may need strings and a course of action if X-attempts are
> made and if they don't match.
>
> For excessive attempts:
> "Maximum attempts reached, signing you out of Firefox Sync"
> (that way, they can sign back in to sync to begin the process again)
Why do we want to connect this to Firefox Sync? Lets keep this simple and do not lock people out or disconnect them from Sync. This is absolutely not needed. It only complicates things.
|
|
||
Comment 17•9 years ago
|
||
(In reply to Stephan Leroux [:sleroux] from comment #14)
> I did some research on the LocalAuthentication API used for Touch ID and
> have found out the following:
>
> 3. Touch ID has the ability to 'fallback' onto another form of
> authentication. This fallback mechanism is a custom authentication scheme
> provided by the app developer. For example, account login password or custom
> passcodes. The system does not provide a default for a fallback.
The fallback is our app specific passcode. The passcode is a requirement to be able to use TouchID. Without the passcode set, you cannot enable TouchID. So we do not need some special fallback. We just need to show our existing passcode dialog.
> Regarding 2.0 feasibility, even going with the Touch ID route we would need
> additional copy to convey errors to the user which would require new
> strings. For post-2.0 implementations, we can provide a custom passcode
> solution but this would not solve the forgotten passcode dilemma.
We can be simple about this: forgotten passcode means you have to delete the app, set it up again.
This is security. No backdoors, no complicated fallbacks via mechanisms not in our control (FxA).
|
|
||
Updated•9 years ago
|
tracking-fxios:
--- → 3.0+
|
|
||
Comment 18•9 years ago
|
||
I think we still want to implement a limit to the number of times a person can enter an incorrect passcode to prevent brute-force attacks. Orignally we were trying this to FxA but since we're not doing that not do we just want to do a simple timeout? Maybe an hour?
The messaging would probably change I'd imagine to something like the following:
"Incorrect passcode. Try again (2 attempts remaining)."
"Incorrect passcode. Try again (1 attempt remaining)."
"Maximum attempts reached. Please try again in an hour."
|
|
||
Comment 19•9 years ago
|
||
(In reply to Stephan Leroux [:sleroux] from comment #18)
> "Incorrect passcode. Try again (2 attempts remaining)."
> "Incorrect passcode. Try again (1 attempt remaining)."
> "Maximum attempts reached. Please try again in an hour."
Careful about l10n for plural forms.
|
|
||
Comment 20•9 years ago
|
||
What's the recommended way of handling these plural forms? Is the fear that the translations might be verbose in some cases?
Flags: needinfo?(rnewman)
|
|
||
Comment 22•9 years ago
|
||
Looks like we don't have this infrastructure in place. As a compromise we could reword it to be:
'Incorrect passcode. Try again (Attempts remaining: N).'
This way we don't have to worry about plural rules.
|
|
||
Comment 23•9 years ago
|
||
This just reminded me that I may have not attached the updated mock (there are so many related bugs!)
We don't have to tell the user how many attempts are remaining. Let's just decide on a number and present them with a message if they hit it:
"Max attempts reached."
and present < Back
|
|
||
Comment 24•9 years ago
|
||
Attachment #8685804 -
Attachment is obsolete: true
|
|
||
Comment 26•9 years ago
|
||
Unassigning myself from the meta since dependent bugs have assignees.
Assignee: sleroux → nobody
Status: ASSIGNED → NEW
|
||
Comment 27•7 years ago
|
||
Closing meta bug.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•