Prevent Authenticator as 2FA option for new Safes #264

Closed
tschubotz opened this issue Nov 8, 2019 · 13 comments

@tschubotz
Member

Please see epic for details.
What do we do when no 2FA is available (i.e. the phone doesn't have NFC)?

@posthnikova

posthnikova commented Nov 20, 2019

Phone without NFC

1) Create Safe

Still show this step but let the user know why 2FA is not possible.

2) Existing Safe - Enable 2FA

Tell the user that enabling 2FA is not possible but you are still able to connect Authenticator when recovering. Alternatively, we could hide or grey out this option in the menu.

3) Existing Safe - Replace 2FA

Tell the user that replacing 2FA is not possible but you are still able to connect Authenticator when recovering.

4) Recover Safe

Only allow connecting Authenticator. Don't show list of devices.

5) Existing Safe - Disable 2FA

In case some users use the Authenticator for dapps, warn them that they won’t be able to set up Authenticator again in the Safe menu. They are still able to enable it during Safe recovery.

https://www.dropbox.com/s/9rbd4omn7g8yjql/Without_NFC.jpg?dl=0

Phone with NFC

1) Create Safe

In the list of devices we don't show Authenticator. Otherwise no changes.

2) Existing Safe - Enable 2FA

In the list of devices we don't show Authenticator.

3) Existing Safe - banner to switch

Show it on Assets view and in the menu. You are able to close.

4) Existing Safe - Replace 2FA

In the list of devices we don't show Authenticator.

5) Recover Safe

In the list of devices we don't show Authenticator.

6) Existing Safe - Disable 2FA - no changes

https://www.dropbox.com/s/hoy84o3mh27z0qn/With_NFC.jpg?dl=0

Banner for Authenticator:

image.png

@rmeissner
Member

Do we want to make it this complex (implementation-wise)? I would have just adjusted the list where the user can select a 2FA factor. And in the worst case he could not select any device and therefore could not continue. This would require the least adjustments and would achieve the same goal.

@tschubotz
Member Author

Thanks for the update.

I would not tell users that they are still able to connect to the Authenticator when recovering. That is confusing imo.

Regarding Richard's comment, I'm all for minimizing implementation effort. Could you work with the mobile devs to see if we can come up with a version where e.g. just the 2FA list needs to be modified (if that's what would make this feature easier)?
We could e.g. add an info row below where we explain things like:

  • You need to turn on NFC
  • You don't have NFC, that's why this is greyed out.
  • We'll be adding more options soon.
  • Missing an option? - Get in touch.

What do you think?

@tschubotz
Member Author

Regarding the message on the Authenticator: The message says "prevent unauthorized access". That won't happen and is a very dangerous thing to write imo.

I would rather write something like this:

We will be deprecating the Authenticator

Please replace the connected 2FA device on your phone.

(If possible, I wouldn't write "Status Keycard". Otherwise we would have to update the text once we add something else.)

What do you think?

@tschubotz
Member Author

Also, what if the user doesn't have NFC?
Should we wait with the banner on the extension for a while?

@tschubotz
Member Author

Here are some stats on the number of users of the extension to educate the discussion: users.pdf

@posthnikova

UX sync: leave out banners

@posthnikova

Changes: don't do banners, text changes, added "Get in touch" button.

Android without NFC:

image.png

image.png

Android with NFC:

image.png

iOS without NFC:

https://www.dropbox.com/s/ant930hgkinnkoq/iOS_Without_NFC.png?dl=0

image.png

iOS with NFC:

https://www.dropbox.com/s/rkz5iw2ovmffbn5/iOS_With_NFC.png?dl=0

@posthnikova

Zeplin:

Android: https://zpl.io/awxPyyg

iOS: https://zpl.io/aNn1w3n

@KristinaMayman
Member

Just noticed that it should be "pairing with a two-factor...". Changed it on Lokalise.

@tschubotz
Member Author

@DmitryBespalov @elgatovital fyi ☝️
Could you please update it in the apps when you get the chance? :)

@DmitryBespalov
Member

@tschubotz will be done

@posthnikova

Corrected:

Android: https://zpl.io/awxPyyg

iOS: https://zpl.io/aNn1w3n

I archived flows with Authenticator on Zeplin. It is only possible to connect it during recovery.
