Help folks choose which provider is right for them

[iandunn]

Many folks aren't familiar w/ 2FA and it's not intuitive to them, so they might struggle to pick a provider that fits their threat model. it could help to add some kind of messaging to the Providers table that tells people how secure & convenient each method is, so they can make an informed decision about tradeoffs.

Rough idea:

Alternatively, that could be displayed as list, like:

Strength of security: 5/5
Ease of setup: 2/5
Ease of use: 4/5

... or even as a "help me choose" type of wizard. Or maybe just linking off to an article or video that describes each provider and explains the pros/cons in depth.

[jeffpaul]

That settings portion is due for some UX improvements, which I've been trying to steal time from colleagues but have not been successful on usable output, but otherwise even some light guidance like this seems helpful (ensuring those strings are translatable).

[iandunn]

Another way to display it might be a matrix:

Provider	Security	Setup	Convenience
Email	Weak	Easy	Moderate
TOTP	Strong	Moderate	Moderate
WebAuthn	Very Strong	Moderate	Easy - Moderate

[jeffpaul]

Some related approach on this that GitHub is taking that we might use to inform how the plugin evolves here for WP: https://github.blog/changelog/2022-11-21-updates-to-the-two-factor-authentication-setup-flow/

[jeffpaul]

Some updated UX approach from GitHub on how they describe & note preference of 2FA methods: https://github.blog/changelog/2023-03-02-sms-and-totp-can-now-both-be-registered-2fa-methods/