ethitter/Authy-for-WP

Improve login screen

Closed this issue · 4 comments

#1 Is probably more confusing.

#2 Could work, but it will feel "odd". That said, if you couple the right JS effect (fan out), etc., to create the right experience, it might be OK.

#3. Does this mean that the first login is going to fail and subsequent logins are going to include the field?

My intention was to implement all three changes as part of a general reworking of the login experience.

For the click, I planned on having a link that reads something like "Using Authy? Click to enter your token." or some such text. I'm open to input on the wording, as I generally struggle to come up with something that makes sense to end users. Hopefully this will be apparent enough to users who've taken the steps to enable Authy on their accounts.

As for my third point, hopefully implementing the first two points won't mean that the first auth attempt fails. I was specifically thinking of the cases where a user fails to enter a token but needs to, or where the password or token are invalid.

At this time, given that WordPress doesn't have an official way to add screens to the login flow, this is the best solution I'm comfortable with. Hacking in a solution is something I'm unwilling to do because it sets a bad example and is prone to breaking too many things. I really want this plugin to adhere to WordPress coding standards and best practices whenever possible, as an example of how these things should be done.

Gotcha. Look at: authy.com/signin

See the request SMS link under the token? I think if you build a form that says:

Username:
Password:
link: click here to enter the token if you are using two-factor authentication.

Then, when the user clicks the link, a small dialog pops up to enter the token. You could also add a link to this dialog to request an SMS.

Makes sense on #1. Or it should show the second step with Authy authorization only when the user has activated with Authy and leave the activation part in User profile.

Our users were pretty confused with the extra field on WordPress login so I have to disable it until #1 is implemented.