Final codename reminder upon clicking 'log out'

[trevortimm]

Description

Consider adding a final reminder when people click 'log out,' saying something to the effect of "Did you remember to write down or remember your code name to log back in? [Code name here]"

User Research Evidence

I recently was doing a test submission to SecureDrop, and I forgot to write down my codename as I clicked through to the submit page. After I made my submission, at the last minute, I did remember to look at the bottom of the screen to find it before I logged off. However, I almost forgot completely even though I have known how SecureDrop works for years.

I can imagine a very nervous source who wants to do things as quickly as possible -- and who has never used SecureDrop before -- forgetting to write down their code name at all and not realizing until they log out or try to log back in at a later date.

This is not necessarily a critical feature, more of a "nice to have" that might help in a few edge cases.

[nightwarriorftw]

@eloquence I would love to work on this issue.

[ninavizz]

There's a lot I'd like to revisit with the Source experience; how we present codenames to Sources, high on the list of problematic things. Trevor's recc is a totally easy fix, but I'd like to more generally re-approach the experience with more consideration for the emotional state of Sources (and, to not call them "Sources" in the UI or documentation).

[drewmassey]

@ninavizz @redshiftzero Is this still a desired change? I'm looking to retire some of these help wanted tickets in this repo and I seem to find myself in a front-end state of mind for starters.

[ninavizz]

@drewmassey It is a desired change—and there's a lot we've been working on for incremental frontend enhancements to the Source experience... this, being a part of that whole shebang. I'd personally prefer to see some tidbit(s) around how that's been thought of holistically, implemented to meet this specific need.

That said, I know #4280 needs help. It seems like a pithy issue, and over a standard network and when a newsroom's identity/ownership of an instance is clearly identified it would be... but w/in today's experience it stands out as a need.

I'm about to clock-out for the week, but next week would be delighted to prioritize some near-term frontend stuff for the Source UI if you'd like to take a spin on some of those things, then. In the meantime, I'm sure @redshiftzero has other things she'd love some help with. We're against the wall in our Python 3 migration, and could possibly use a hand, there?

[drewmassey]

Sure I can take a look at #4280 first. The truth is I have more experience in Python so if there are back end projects that need eyes just let me know. I find myself with time on my hands these days so I’m at your service.

[kusalhettiarachchi]

is this still unresolved?

[ninavizz]

It is. We're hoping to do ux and user testing work to devise a solution, this quarter. We think. Can ping you once we're ready to go if you'd be interested in tackling this @kusalhettiarachchi? TY for your interest! :)

[ninavizz]

@zenmonkeykstop @eloquence You fellas open to removing the "Help Wanted" and "Good First Issue" flags from this one? Until we have more user research findings and a clear direction on the desired design solution (if any), they seem potentially confusing.

[ghost]

I have a suggestion for reminding new sources their codename. It's available at https://github.com/zishanmirza/securedrop/tree/confirm_logout (branch: confirm_logout) and could be used for testing the user experience.

[zenmonkeykstop]

Thanks @zishanmirza! we're looking at updates to the source workflow that would effectively only make the codename available after submission, which is pretty similar to this approach - it's good to see the alternatives.