[sldev] RFC: design proposal for VWR-1071

Melinda Green melinda at superliminal.com
Tue Jul 21 21:40:22 PDT 2009


With apologies to Poppy...

Cypren Christenson wrote:
>
> On Jul 21, 2009, at 8:29 PM, Melinda Green wrote:
>
>> I like where this is going though I worry about loading up an already
>> untested user interaction with more features, not to mention asking poor
>> Cypren with more requirements.
>
> I appreciate the concern. =)
>
>> I therefore suggest that we do this in
>> two stages. Since everyone seems to like Cypren's design for at least
>> the advanced case, I propose that we let him finish what he intended and
>> let people get used to actually using it. With that in hand and assuming
>> that everyone really does like it, we then design the "instant login"
>> functionality on top of that and someone (not necessarily Cypren)
>> implements it. Does that sound like a good idea?
>
> To be honest, as long as we're changing the UI, wouldn't it make sense 
> to change it once and then stabilize it again? It's been my experience 
> that few things frustrate the average computer user more than 
> frequent, small changes that disrupt their habits and make them 
> re-learn things. Those of us on this mailing list are probably the 
> most likely users of the "advanced case", since we need alt accounts 
> to test and prod the system. We also all have the ability to apply 
> code patches and run a "custom client" for as long as we want, and 
> this issue has sat largely untouched for a long time anyway, so the 
> urgency seems fairly low.
>
> I'm all for taking this slowly, carefully and doing as many revisions 
> as it takes until we get something that represents the 
> closest-to-ideal solution that we can come up with between the lot of us.

I personally prefer doing design & development in small, well-defined 
steps. That helps avoid the dreaded feature creep and lowers the risk 
that some unanticipated user interaction problem will require extensive 
rework and/or bring the whole thing down. If you're really signing up to 
implement whatever design the committee comes up with, I think you 
should decide. Otherwise I'd rather pounce on the rare agreement + 
implementation, get it checked in, and build on that.

>> Regarding instant log-in, I'll throw out this strawman design: 
>> replace the "General > Show Start Location on Login Screen" check box
>> with simply "General > Show Login Screen" which when shown will always show
>> the start location control. (What's the point of showing and hiding that
>> one control when we're talking about showing and hiding the entire login
>> panel, right?) Bootstrapping this for brand new users will require one
>> bit of magic however which will be the ability to cache their user name and
>> hashed password in a cookie when creating a new account. The goal is to
>> be able to create an account & password and then fire up the viewer with
>> instant login. That way 90% of users will never see a login screen! Of
>> course somewhere along the line they'll need to be warned about cached
>> passwords on insecure machines. They could even be given the option
>> during account registration for us to not do that which would simply
>> result in the full login screen being shown.
>>
>
> I like this idea a lot, but the security concerns really worry me. As 
> far as I know, SL hasn't been hit by the same rampant account-hacking 
> and asset-theft that WoW has (largely, I assume, because of its 
> smaller userbase), but that will eventually change as it gets larger. 
> I'm not sure we necessarily want to make a saved password the 
> *default* setting for unaware users.

Yes, these things worry me too which is a great example of why I like to 
work in small steps. Even if the whole instant login idea falls apart 
then at least we'll have made some measurable progress. Note also that 
we don't need to default saved passwords to "on" if that seems too 
risky. The account creation page could default that choice to "off" and 
then include an option something like
            "Would you like us to save your user name and password on this machine? Yes/No"
along with a link that reads
            "What's the risk?"

That of course is just one possible solution and I don't have a strong 
opinion.
-Melinda

