Closed
Bug 856150
Opened 11 years ago
Closed 11 years ago
Inform users that their account will be locked for 5 mins after entering the PIN incorrectly too many times
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
2013-05-30
People
(Reporter: krupa.mozbugs, Assigned: wraithan)
References
Details
(Keywords: uiwanted, Whiteboard: p=1)
Attachments
(2 files)
Screen that asks user if they want to reset pin
If the user enters their PIN incorrectly 5 times, we log them out and lock their account for 5 mins. The user needs to relogin using Identity or Reset their PIN. If the user logs in within the next 5 mins, they are still locked out. We need to convey this information to them so that they can try the purchase later. A screen which says "You are locked out of your account for 5 mins for your own safety" or some such thing will be useful.
|
||
Comment 1•11 years ago
|
||
Maureen, would it be easy to adjust the UX mock-ups for this?
|
||
Updated•11 years ago
|
Priority: -- → P3
Whiteboard: p=1
|
||
Comment 2•11 years ago
|
||
Ok, here is my solution. I changed the original flow a bit. After the user has entered the pin incorrectly 5 times I show a system error message. When the user clicks "Ok" I take them back to the app details page (no sense in taking them to Persona sign in when they need to chill out for while). If the user tries to sign in < 5 minutes I show a similar sys error and send them back to app details page. Below are the flows. Let me know if this works and I will fold it in to the full pin codes document in this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=842861 Keynote: https://www.dropbox.com/s/j71j71bzc2dzka4/Marketplace_Payments_Flows_PinLockOut.key PDF: https://www.dropbox.com/s/74ay97oqwt27y5y/Marketplace_Payments_Flows_PinLockOut.pdf
|
Assignee | |
Comment 3•11 years ago
|
||
Your mock says "User tries to purchase app in > 5 minutes" but then talks about the user being locked out still, I think you meant "< 5 minutes". You assume they want to reset their PIN after logging back in after the lockout duration is up. Is that reasonable? Shouldn't we perhaps give them the option of trying another 5 times or resetting (using the normal PIN entry screen). I can implement the flow as it is mocked but I worry about the assumption made.
|
|
||
Comment 4•11 years ago
|
||
Changed to < 5 minutes :) I think we should take them directly to reset their pin as I'm fairly certain this is a best practice with passwords and the like. So please implement as mocked.
|
Reporter | |
Comment 5•11 years ago
|
||
(In reply to Maureen Hanratty from comment #4) > Changed to < 5 minutes :) > > I think we should take them directly to reset their pin as I'm fairly > certain this is a best practice with passwords and the like. So please > implement as mocked. This was discussed in #b2gpay and here is a quick summary: Dropping users in the reset flow can be confusing if they locked themselves out a month ago and don't remember why we are forcing them to reset their PIN. Here is the new agreed-upon solution- i) If the user tries the flow < 5 mins, we show the system error as specified in comment 2 ii)If the user tries the flow > 5 mins, we show them a screen which says something like "Your account has been locked for incorrect PIN entry. You can either Sign in and try again or reset your PIN to proceed"(better copy requested) -- "Reset PIN" and "Sign in". We show this screen immediately after the user clicks purchase or after they Sign in.
|
|
||
Comment 6•11 years ago
|
||
I changed the flow slightly from the last comment. Since in either scenario the user must sign in, I propose we take the user directly through the sign in flow when the user clicks "purchase" after 5 minutes. When the user would enter their pin we let them know their pin was locked and ask them if they want to continue or reset their pin. If they choose to reset the user will not be forced to sign in again. I have added this new flow to the documents in the meta-bug for UX changes to pin codes: https://bugzilla.mozilla.org/show_bug.cgi?id=842861
|
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → wraithan
|
|
Assignee | |
Comment 7•11 years ago
|
||
https://github.com/mozilla/webpay/commit/7305747f1ac6b44c835650f0fcd67fac504cef78 Webpay side of this. Doesn't fix it until I do the solitude side.
|
|
Assignee | |
Comment 8•11 years ago
|
||
https://github.com/mozilla/solitude/commit/5415e79ba5f9ef7a189cab1678e833983a708fdf Solitude side, completes the backend part of this. bug 861134 is to make it prettier and work like the mock.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-05-30
|
|
Reporter | |
Comment 9•11 years ago
|
||
It doesn't exactly match mocks (bugs filed for that) but this user message is now in place. See post-fix screenshot.
Status: RESOLVED → VERIFIED
|
|
Reporter | |
Comment 10•11 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•