On Wed, Jul 8, 2015 at 9:59 PM, Ryan Kelly <[email protected]> wrote:
> > > On 9/07/2015 12:00, Ryan Kelly wrote: > > On 9/07/2015 11:48, Mark Hammond wrote: > >> I think the new mockups look better. I share the concern about adding > >> extra friction, but that seems under control. > >> > >> The only other point is that there was some discussion about letting > >> users correct the email address they used (eg, on a typo). ISTM we might > >> as well get that in this flow too - but this might be subtle - the user > >> may not realize the mistake until they get to the "confirm" screen, at > >> which point they've already entered the profile for the wrong account, > >> which somewhat sucks (ie, ideally we'd magically be able to use this > >> profile info after they correct the address). > > > > This is heading towards something deeper about our onboarding flow that > > it may be time to revisit - there's a big old email verification loop in > > the middle of it. > > > > Would this discussion be different if we allowed you to complete sync > > setup without verifying your email address? > > More concretely, it might allow an experience like the following: > > > "Create a Firefox Account" > | > V > "Choose what to sync" > | > | <-- success at this point! "sync will begin momentarily" etc > | > V > "You're ready to access your > firefox on all your devices, <-- stronger message about what you > want us to email you some can do right now, rather than > download links?" what you'll be able to do at > | conclusion of the setup process > | > V > "Make Firefox Yours" > | > V > ...etc... > > > (who needs lucidchart when you've got asciiart, amirite?) > > Anyway, I don't want to get myself too carried away here, but it's > something to think about as you're discussing all the options with > growth/engagement/etc teams. I've been pondering the technical and > security aspects of doing this for a while, Can we lay out the technical and security aspects here? I've always assumed the email verification loop was necessary to stop folks auto-creating accounts and then using our storage endpoints as file drops. It's much harder to automate the web flow: if we made it so that the web flow didn't require an email loop (but the REST endpoint still did), would that be enough? Nick
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
