Feature #5647
closed
[Workbench] Log-in on anonymous redirects to google sign-in with no warning; feels like phishing
100%
Description
tl;dr: Clicking on Login on topnav takes me to google login and this could potentially be very confusing if it's my very first time as anon user
After #5418 there is no way for users to discover the "Safe" login page if the hit the anonymous project/collection/pipeline page.
Right now we manually solve this by giving them a flat-out link to the "Safe" login page in project description.
But you could hit a collection
The only thing to hit is "log-in" and that takes you straight to a google sign-in page, which is super confusing and feels like a phishing attack almost, if you didn't realize Arvados relies on Google Account sign-ins. There's no way to even stumble onto the "Safe" page where it says " You can try it out by logging in with your Google account (for example, from GMail or Google+)."
Possible solutions:
- Instead of "log-in" say "log-in/sign-up".
- Redirect topnav "log-in" clicks to "Safe" page
- Revert #5418, they can always hit the back button, and the "Safe" pages should soon link to a list of public project/collections/pipelines soon anyway -- see screenshot
https://arvados.org/issues/5370#note-6 [1]
[1] (I hope people haven't forgotten about that part...)
Files
Updated by Nancy Ouyang almost 10 years ago
Another solution -- edit the text in the "welcome to ARvados" box that says "You are accessing public data." right now, and include link back to "Safe" page or that says "log-in or sign-up with any google account."
This solution only works for collections, however. For projects, the first page you hit is the readme, with no "welcome to arvados" box.
Updated by Ward Vandewege over 9 years ago
- Target version changed from 2015-04-01 sprint to 2015-04-29 sprint
Updated by Ward Vandewege over 9 years ago
- Tracker changed from Task to Feature
- Target version changed from 2015-04-29 sprint to Bug Triage
Updated by Ward Vandewege over 9 years ago
- Target version changed from Bug Triage to 2015-05-20 sprint
Updated by Tom Clegg over 9 years ago
- Hover-dropdown the login button, with a "Sign up / log in with Google" item.
(Minimize extra clicks and page loads for regulars, without being too surprising for newcomers.)
Updated by Ward Vandewege over 9 years ago
- Subject changed from Log-in on anonymous redirects to google sign-in with no warning; feels like phishing to [Workbench] Log-in on anonymous redirects to google sign-in with no warning; feels like phishing
Updated by Nancy Ouyang over 9 years ago
- File login-dropdown.png login-dropdown.png added
Click for drop-down menu, solution mockup below:
Updated by Nancy Ouyang over 9 years ago
- File imgur-signin.png imgur-signin.png added
- File imgur-topnav-userdropdown.png imgur-topnav-userdropdown.png added
- File imgur-topnav-anonymous.png imgur-topnav-anonymous.png added
- File imgur-signup.png imgur-signup.png added
For future reference, I think imgur.com handles multiple log-in methods well
Sign In
Sign Up
Anonymous topnav
Signed-in topnav
Updated by Radhika Chippada over 9 years ago
Added a hover dropdown to login link using text suggested in #5647-9 (Note #9), omitting the image after talking to Nancy.
Updated by Nancy Ouyang over 9 years ago
- File login-icon-dropdown.png login-icon-dropdown.png added
Radhika, possible choice 
Updated by Nancy Ouyang over 9 years ago
- File login3.png login3.png added
<a href="<%= arvados_api_client.arvados_login_url(return_to: root_url) %>"> <span class="fa fa-lg fa-sign-in"></span><p style="margin-top: -1.35em; padding-left: 1.6em; margin-bottom: 0em; margin-right: 0.5em;">Log-in or register with<br/>any Google account</p></a>
Updated by Radhika Chippada over 9 years ago
Updated after Nancy viewed and commented back.
Updated by Radhika Chippada over 9 years ago
- Category set to Workbench
- Assigned To set to Radhika Chippada
- Target version changed from 2015-05-20 sprint to 2015-04-29 sprint
Updated by Radhika Chippada over 9 years ago
- Status changed from New to In Progress
Updated by Brett Smith over 9 years ago
One small comment on the text in 1f6a187: the menu item uses the verb "Log-in." Most of Workbench uses "Log in." I think we should remove the dash for better consistency (even the topnav in this branch says "Log in").
It might be a little more pure to use a Bootstrap popover, but this is small and time-sensitive enough that we can merge this version and revisit it later.
Thanks.
Updated by Radhika Chippada over 9 years ago
Thanks Brett. Made the text change. And left the hover-dropdown implementation as is to use css-based solution. Since we are not doing it across the workbench, I wanted to keep it simple and avoid using bootstrap-hover-dropdown gem or any other involved things.
Updated by Radhika Chippada over 9 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Applied in changeset arvados|commit:912464ad82bad38f1ce7984b6d4b19734a9816a9.
Updated by Nancy Ouyang over 9 years ago
For future, suggest making login drop-down menu show on click instead of hover, to keep consistency with other menus.
The user will have difficulty discovering "?" is a dropdown menu otherwise.
Or in story form: " I just went to cloud.curoverse and spent a few seconds hovering over "login" and then hovering over the "?" menu and wondering why the latter dropdown wasn't showing before remembering I needed to click it"
Edit: ...I recall my where my deep hatred of tooltip menus comes from: watching little kids try to use hover menus on the Arduino IDE. guh. the SIGGRAPH people in 1990 designed better GUIs than are the accepted default now.
https://vimeo.com/61556918 18:20 and 20:49 and 30:03 and 36:37 ... 20:49 and 30:03 people... did you ever test your UI out on kids or elderly people? did you?? -.- 25 years later I am paying for your design choices
(I agree, tooltips are not bad by themselves, but they are easily misused, like any other GUI element.)