blockstack-browser
Remove need to enter password when browser updated
This issue is an offshoot of https://github.com/blockstack/blockstack-browser/issues/1675 in that it addresses specifically just the UI need to remove password entry when the browser has been updated and the user is prompted to provide it before continuing to use the product.
Just reviewed 50 onboardings on TryMyUI and the only person who was truly stuck didn't have their password or secret key handy and struggled with the upgrade (which they probably didn't even care about or understand). Would like to consider removing the password, we can still allow users to approve/deny.
Any idea how many of those 50 onboardings needed upgrades and what percentage that needed them succeeded vs. not? To get an idea of the known friction size here.
I wasn't specifically looking for this so not certain. Only one was stuck and they ended up creating a new ID. I don't recall seeing any others. However, just based on the situation, we know that 100% of them will encounter this the next time we upgrade, so that seems like the real issue here.
I know TryMyUI is leaning more heavily on repeat testers so we can expect this to keep increasing. I would say about 50% of the testers this month were repeats. Assuming we upgraded the browser now, next time it could be as many as ~500-1K people.
I suppose I'm wondering how much to invest in removing it from the current browser vs. waiting for the new one to launch without passwords in general (resolving this problem implicitly).
Do we consider it a big enough problem to resolve for TryMyUI in the short-term (within next 3 months) even if all repeat testers make it through the password-based upgrade path? Or is it only a problem if a certain high percentage (maybe 20%+?) get stuck on this step and can't proceed to testing the actual apps?
If new browser is released = massive problem. If not = tiny problem.
It’s worth noting that collections will most likely trigger this upgrade flow, and it’ll need the password no matter what, since it deals with the root keychain. Not 100% sure of that, cc @yknl
The reason we ask for the password is to wipe and restore the browser local storage state. Since upgrading the browser often requires changes to the local data schema, it is error prone to attempt to migrate the local data. Users could be on any of the hundreds of versions of the browser released to date. The current upgrade process is a shortcut that's less error prone.
It is possible to remove the need for the password during upgrade, but we would need to either store the seed phrase in plain-text (not recommended), or create incremental migration code for each new release that changes the local data schema.
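The incremental-migration alternative from the last comment, as an added example (not code from blockstack-browser or from any commenter): each release that changes the schema ships one step, the encrypted seed blob passes through untouched so no password is needed, and any gap or failure falls back to the password-gated wipe-and-restore. All field names, version numbers and the function name are hypothetical.

```javascript
// Hypothetical per-release steps: MIGRATIONS[n] upgrades schema n to n + 1.
// Field names (schemaVersion, encryptedBackupPhrase, hubUrl, ...) are assumptions.
const MIGRATIONS = {
  1: (s) => ({
    ...s,
    identities: (s.identities || []).map((id) => ({ ...id, usernamePending: false })),
  }),
  2: (s) => {
    const { hubUrl, ...rest } = s;
    return { ...rest, settings: { hubUrl: hubUrl ?? null } };
  },
};
const CURRENT_VERSION = 3;

// Returns { ok: true, state } on success, or { ok: false, reason } when the
// caller must fall back to the password-gated wipe-and-restore path.
function migrateWithoutPassword(stored) {
  const from = Number.isInteger(stored?.schemaVersion) ? stored.schemaVersion : null;
  if (from === null || from < 1 || from > CURRENT_VERSION) {
    return { ok: false, reason: 'unknown-version' };
  }
  let state = JSON.parse(JSON.stringify(stored)); // work on a copy, never the persisted object
  for (let v = from; v < CURRENT_VERSION; v++) {
    const step = MIGRATIONS[v];
    if (!step) return { ok: false, reason: `missing-step-${v}` };
    try {
      state = { ...step(state), schemaVersion: v + 1 };
    } catch (err) {
      return { ok: false, reason: `step-${v}-failed` };
    }
    // Migrations hold no key, so the encrypted seed must come out byte-for-byte identical.
    if (state.encryptedBackupPhrase !== stored.encryptedBackupPhrase) {
      return { ok: false, reason: `step-${v}-touched-keychain` };
    }
  }
  return { ok: true, state };
}

// Constructed sample of local state from an old install.
const sampleV1 = {
  schemaVersion: 1,
  encryptedBackupPhrase: 'constructed-ciphertext-placeholder',
  hubUrl: 'https://hub.example.invalid',
  identities: [{ username: 'alice.id' }],
};
```

The cost the comment points at shows up in `MIGRATIONS`: every historical schema version needs a step, and installs that never recorded a version still take the password path.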