[IMPORTANT] Changing the look of your login

Is it just me, or does it feel like there are more clicks to get where you want to be now on initial login?
After the initial login it does seem there are much less clicks to get where you want to be, so overall the experience is really smooth.

Thanks for paying attention to the small UX things. I’d appreciate if you’d also remove this redundant click that the login always needs me to do when using 2FA. I use Google Authenticator for 2FA, and it has me click on this button to reveal the passcode form, which is a bit silly since it’s the only choice of action I have on the screen.


@brianpeiris Indeed, this is a problem with Duo’s web interface that has existed since we started using them (not connected to the move to the new login experience launched today). To fix this will require building our own Duo interface which we’ve talked about but isn’t scoped yet.


Maybe my experience is unique, this new UX doesn’t feel more efficient.

For initial login extra interaction with the page on initial login (clicking/enter/tab+enter) between username and password.

And now every time I go to an app another Mozilla provided app that auths with Auth0, I find myself doing one of two things:
Going through the same process as initial login minus Duo. (First use of a given app after 2FA)
Starting to enter my username in the field when the page (like the initial login) then refreshes to the app. (any subsequent use of the same given app)

The latter of the two is worry some as I found my creds getting imputed onto the refreshed page because I click my password manager just after the login page is wiped and the app page starts loading.

But neither feel like “auto login” (even if the second actually does get you there if you wait for a moment). Previous behavior I clicked the button with my login name on the “Last time you logged in with…” prompt, which I didn’t mind… it was like a confirmation that I was proceeding with the correct credentials.

I can happy try to capture a video of either. Both happen in FF 58.0.2 on macOS 10.13.3. Have not tried a different browser.

Side note: I am not a fan of hidden input fields. (ie the way you or your password manager can input your password in a field before it was visible). Didn’t like it when Google started doing this to their login page either.

Hi @johnb! Thanks for taking the time to give feedback.

With regards to the first issue: are you using the same login methods for these Mozilla-provided apps (i.e. LDAP or GitHub)?

The fact that you see the username field while you are being auto-logged-in is a known bug, this will be fixed in our next release, which will be live next week at the latest. In the fixed version, you will not see the username field while being auto-logged in.

The hidden password field is a UI choice we have made, it is intended to make the experience simpler for people who do not have passwords (i.e. users without LDAP accounts). In most password managers autofill can be turned off, I think even on a per-site basis.

All of mine are LDAP.

Auto login has been pretty smooth, but I’ve had a couple hiccups where it pauses for a few seconds at the login screen before proceeding. When starting a new login session, having to enter my email/username (LDAP) and password on separate screens (even though it gets autofilled by 1PW because it’s a hidden field) is an extra step as compared to before. Out of curiosity/understanding, why did we make that particular change to the login flow? Thanks!

@cbrentano we chose this flow because it allows us to build a “smart” login experience. Upon entering your email in the first screen/card we check if this will be the LDAP login flow or the passwordless email login.

We are thinking of making the flow smarter in the future. You would then enter an email address and we will know to which authentication provider to route you next (LDAP, Github, Google, email).

Hope this explanation makes sense?

1 Like

Yep, thanks @hmitsch! Much appreciated.


To all people in this thread: Many of your comments were addressed in Tuesday’s update to our New Login Experience:

  • return key submits the password (cc @mykmelez)
  • Auto login displays a loading spinner to avoid confusion (cc @johnb)

For more information please read:

1 Like

BUG 1: Infinite loop

  1. Tried to sign-in using GitHub (for the first time);
  2. After being signed in on GitHub, I get this message:

ERROR: You must setup a security device(“MFA”, “2FA”) for your GitHub account in order to access this service.Please follow the GitHub documentation to setup your device, then try logging in again.

  1. I DO NOT want to setup a security device;
  2. I click on “Go Back” to try a different auth mechanism, but I’m being redirected to this error over and over again. I’m stuck. I go to the main page and click on “Sign in”, but I’m being instantly redirected to this ERROR page, with no option to sign-in using email or my Google account - I had to clear all my cookies to get rid off of this looping;
  3. I try again, this time using my Google account, but I get this error:

ERROR: Sorry, you may not login using Google. Please instead always login with GitHub

But I CANNOT log-in with GitHub!

BUG 2: Editor tools don’t work when adding a comment here
When I finally managed to sign-in (using private mode and signing-in using an email account), I can’t comment because the tools (e.g. bold, italic, hyperlink, blockquote, etc) are not “clickable”. When I roll over the mouse it shows me the “select cursor”. It’s like if there’s an invisible text on top of the icons. Weird thing is that it works properly on Chrome.

BUG 3: “alert()” doesn’t work in responsive mode
I know this is not the right place to post this bug, but I’m too frustrated and I already wasted too much time trying to log in here. So I’m going to post here in a hope that someone sees this.

The bug:
On Quantum, typing “window.alert(1)” on JS console, while on “responsive mode”, it doesn’t work.

FF: Quantum, v. 58.0.2, 64-bit
SO: Ubuntu 17.10, 64-bit

1 Like

@loureiro.rg Thanks for reporting your feedback! I’m afraid I cannot comment on what’s happening in Discourse or Firefox’ responsive mode, but with regards to your first comment: for security reasons, we are forcing users to use their most secure method of logging in, it sounds like this is email or 2FA’d GitHub.

The fact that you cannot always go back after getting this error is an issue we are aware of, we are working on shipping improvements to this in the not too distant future. Please bear with us for this!

1 Like

@leo can you follow-up on Bug 2, please?

1 Like

@loureiro.rg I am checking in with our #devtools team to see if they are aware of Bug 3.

1 Like

@loureiro.rg for Bug 3, there is a bugzilla issue at https://bugzilla.mozilla.org/show_bug.cgi?id=1273997

Hope this helps.

1 Like

:heart_eyes: good work on the new login system. really loved it.

I am sorry but this is REALLY REALLY broken. It only work in private browsing mode. as soon as I use normal browsing it rederiects to google authentication, and there eis NO CHANCE entering a github credential. SO it effectively locks me out unless I use private browsing. I tried deleting all mozillians.org cookies but it still redirects. I would politely suggest that you should not SNOOP SESSION DATA from other tabs, that is an EXTREMELY CREEPY way of doing authentication. And it makes it impossible to use for me I have 12 google accounts and often are logged iinto multiple ones. And I do not want to be forced using google as gatekeeper for my Mozilla data.

Hi Axel,

Thanks for your feedback.

Autologin is a feature that works well for most people, as it saves clicks if you’re using the same login method every time. It doesn’t work well if you want to change login method — this is something we are actively looking at improving, we will likely be adding an ON/OFF switch to autologin in order to let you choose your login method once more. Until we have, please use container tabs, with a container for each identity you’d like to use.

For the record, no snooping is happening. We save your last login method when you are on the login page using a browser feature called localStorage. It is saved there just for the auth0 host, which means it can only be accessed by the login page. Because you can access that same page in multiple tabs, it works in multiple tabs.

Let me know if you have any more questions!

1 Like

6 posts were split to a new topic: Login difficulties

Please report your login difficulties in the #iam category