1508040 - Master Password menu is difficult to find [UX Enhancement]

Status: NEW

(Thunderbird :: Account Manager, enhancement)

Description

[Lili]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

Steps to reproduce:

According to the usability study, users are not able to find Master Password menu where they expect it to be. 

Expected location: Account Settings (Windows, MAC) 
Current location: in Options, Security tab (Windows), Preferences, Security tab (MAC)

Link to usability study: https://github.com/uracreative/works/raw/master/Thunderbird/Thunderbird%20Usability%20Study.pdf 

Steps to reproduce: 
1. Open the application 
2. Want to access to the Master Password menu
3. Right click on email account to open Account settings



Actual results:

Open Account settings but could not find Master Password menu there


Expected results:

Master password menu should be placed in the Account Settings inside Security Tab

Comment 1

[Magnus Melin [:mkmelin] (away, back Aug 4)]

Account Settings is for per-account settings. You can't put the Master Password settings there because this is a global setting affecting all accounts.

That aside, why do you want to make the master password more findable? It's generally a source of problems, and most if not all users are better served not using it at all, IMHO.

Comment 2

[Jorg K (CEST = GMT+2)]

I think a usability study from Elio and team found the same. Elio is there already a bug for it?

Comment 3

[Elio Qoshi [:Elio]]

I think a usability study from Elio and team found the same. Elio is there already a bug for it?

I think that's what Lili was referring to anyhow. There is no bug dedicated to that particular Usability Study, though it's mentioned in relevant bugs and the UX mailing list.

Account Settings is for per-account settings. You can't put the Master Password settings there because this is a global setting affecting all accounts.

I think we are all aware of that. That doesn't change the fact that users expect it to be there in the current design. This does not necessarily mean it needs to be put there, it can also mean that the design can be improved in such a way that users don't expect it to be placed under Account Settings. There are also other ways to improve this particular user experience which goes beyond the scope of this bug maybe. We should however not dismiss any user research as that's who we are developing for at the end of the day.

That aside, why do you want to make the master password more findable? It's generally a source of problems, and most if not all users are better served not using it at all, IMHO.

Why is it shown then? Let's remove it if that's the case. Slimming as much down as possible without losing functionality is a low hanging fruit to improve usability.

Comment 4

[Jorg K (CEST = GMT+2)]

Magnus appears to be on a mission to get rid of the (unsafe) master password while others are trying to fix the issue, see bug 1562687.

Comment 5

[Wayne Mery (:wsmwk)]

I recognize that master password is far from being the proper, ultimate protection. However, I like the fact that it's not trivially easy for the causal hacker or snooper to be able see my browser and mail passwords; and being a computer systems administrator some of these accounts are gateways to highly sensitive services and content. In short, I don't think this is an all or nothing scenario, and that security the device is the only level of useful protection.

At a minimum, we should be doing more to both educate users in proper protection in ALL levels of computer resources. That would be the minimum prerequisite for removing master password IF we remove it. But I think I'd rather see it improved. And if it were more findable that could be a path to educating users about security in general. I leave the question of making it more findable to the UI experts.