[Form Autofill] Make Phishing Warning accurate

RESOLVED WONTFIX

Status

()

--
enhancement
RESOLVED WONTFIX
a year ago
11 months ago

People

(Reporter: adrian_sv, Unassigned)

Tracking

56 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [form autofill])

(Reporter)

Description

a year ago
[Description:]
I believe we could have the phishing warning to be a bit more accurate. 

1.
We could have the current design be more accurate, throwing some ",.." at the end of the message:
"Also fill in Company, phone, address, email, .."

2.
Another thing that I'd like to suggest would be to change the entire warning message, since I think it will actually hold more value for the user:
"Filling in (x fields): Company, phone, address, email, .."
IMHO, telling the user how many fields are we going to fill in might hold more value than showing several fields. 
I also understand that space is of concern, so, I would trade a field in the warning for the fields counter.
(In reply to Adrian Florinescu [:AdrianSV] from comment #0)
> [Description:]
> I believe we could have the phishing warning to be a bit more accurate. 
> 
> 1.
> We could have the current design be more accurate, throwing some ",.." at
> the end of the message:
> "Also fill in Company, phone, address, email, .."

I don't see how adding an ellipsis is more accurate? What problem are you trying to solve with that?

> 2.
> Another thing that I'd like to suggest would be to change the entire warning
> message, since I think it will actually hold more value for the user:
> "Filling in (x fields): Company, phone, address, email, .."
> IMHO, telling the user how many fields are we going to fill in might hold
> more value than showing several fields. 

Hmm… either way the user is going to have to cross-reference with the page though… Could you elaborate more on why you think this is better?

> I also understand that space is of concern, so, I would trade a field in the
> warning for the fields counter.

I'm not sure what you mean by this
Whiteboard: [form autofill]
(Reporter)

Comment 2

a year ago
(In reply to Matthew N. [:MattN] (huge backlog; PM if requests are blocking you) from comment #1)

> I don't see how adding an ellipsis is more accurate? What problem are you
> trying to solve with that?

On a second thought, I think that actually adding ellipsis makes it worse, so let's ignore that part. Also, it might be that "accurate" is really a bad word in this context. 

> Hmm… either way the user is going to have to cross-reference with the page
> though… Could you elaborate more on why you think this is better?

The way I see it, the "accurate" solution would be to have the phishing warning list all the fields there (-not actually suggesting this-), but as we do it now, we only list 4, so when I fill in a regular form, it will auto-fill 7 fields and the warning will still show me 4 fields. As that happens once my brain already connects that the warning is mostly informative, with no other value. We shouldn't expect that today's (shopping) user will play with the auto-fill to spot how the warning is dynamically populated: the user opens the form, fills the form, moves on. So, by the time a possible phishing attack happens, the warning should be like a road sign on a route that you do daily: you know what is says, but you don't really pay attention to it anymore. 

Having a counter in the phishing warning just seems to me intuitively correct: the warning says 5 fields are filled in, I have 5 fields being filled, fine - but when I have only 3 visible fields... what's going on? - at this point my user antennas gonna get tingly. All in all, I say counting fields and comparing numbers is easier that reading and comparing labels.  

On the other hand, I also think that the counter warning message would also add clarity in the sense that not all the filled in fields are actually listed in the phishing warning message.


>> I also understand that space is of concern, so, I would trade a field in the
>> warning for the fields counter.
> I'm not sure what you mean by this

The counter message is slightly a longer string that the current one, so thought was that probably, if we chose to implement that counter version, instead of showing max 4 fields as we do it now, we will probably have to show only max 3 - which in my view would be a fair trade.
Status: NEW → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.