5

What does your feature entail? What is it for? How will it affect existing workflows or user experience?
'Safari keychain' (or 'Safari passwords') would seem to be a more accurate description than the '3rd party provider' in the popup button for the behaviour I've seen.

Secondary text (the dimmed kind) that explains the slight UX differences (e.g. 'Passwords can be auto-filled after authenticating and selecting the correct entry in the list'), as well as the nature of the different sources of password data, updated upon selection in the popup button, could also be helpful.

What are the exact ways that you see a user using your proposed feature? Please go into as much detail as possible, and provide examples of how other browsers/apps implement this feature, if applicable. If your feature suggestion adds on to an existing feature, how would it work into it to extend its usefulness?
I'm getting a great initial impression of Orion.

One big challenge for me when adopting a new browser is the aspect of working with my saved passwords. I've found that I couldn't swallow a password migration strategy as suggested by Orion, since I can't commit to switching to Orion for both my Mac and my iPhone at the same time, so would like to keep working with the passwords thus far managed by Safari, yet still use Orion without too much friction on my Mac. I.e. I want to use Orion on Mac, Safari on iPhone, and not struggle with passwords.

I found that when the password provider is set to '3rd party provider', username / password text fields are given the option to view passwords (via 'Passwords...' menu item), which allows me to choose the password to autofill after authenticating with Touch ID. This is a few more steps than autofilling passwords immediately at the text fields, but certainly much better than no access to Safari passwords at login time. I was pleasantly surprised to find this level of integration with Safari-managed passwords, since the explanation during on-boarding and various wordings around password management / autofill gave me the impression I'd need to import the passwords during on-boarding, then have Orion manage its own list of passwords, along with the annoyance of it going out of step with the Safari passwords.

Of course, having Safari password autofill candidates show up at the credential text fields would be the best solution, but I'm guessing the current design reflects API limitations.

  • Vlad replied to this.

    thebearmaster

    'Safari keychain' (or 'Safari passwords') would seem to be a more accurate description than the '3rd party provider' in the popup button for the behaviour I've seen.

    This can be any 3rd party service indeed, for example Strongbox integrates with native keychain as well.

    I want to use Orion on Mac, Safari on iPhone, and not struggle with passwords.

    Orion can read/use Safari passwords on Mac and iOS. Also Safari can read/use Orion passwords on Mac/iOS.

    which allows me to choose the password to autofill after authenticating with Touch ID

    This is addressed in the next version, it will work with touch id. https://orionfeedback.org/d/1410

    Thanks for the feedback. Is there anything you would like us to change?

        Vlad

        Vlad This can be any 3rd party service indeed, for example Strongbox integrates with native keychain as well.

        Thanks for the clarification. I understand now that my confusion was from the fact that I didn't have any 3rd party service, resulting in this pulldown content:

        I've found that selecting 'Password Providers...' is required for me to use passwords for the Safari keychain, though from the menu item's description, I had instead expected to be given a list of providers to select from.

        So in a nutshell, here are the (useful!) facts I learned which were hidden behind a fair bit of trial-and-error:

        • Selecting a password provider in Orion settings does not preclude me from (what sounds to be read-only) access of other sources of passwords, such as Safari's keychain (maybe the label should be changed to 'Default password provider' with additional captions to inform the user of this?)
        • If I want to use passwords saved in Safari, I need to select 'Password Providers...', which re-targets the 'Passwords...' menu item (maybe 'Safari keychain' can be added as an explicit Password Provider menu item to avoid confusion?)
        • Setting the password provider in Orion settings to '3rd party provider' simplifies this step (i.e. re-targets the passwords db without my having to select 'Password Providers...'), but I give up the option to save passwords (again maybe worth explaining as caption text in the settings item?)

        I have a hunch these scenarios may be mute if I chose to be on-boarded with a full import of Safari data. I'm hoping I can try that in earnest in some time in the next few weeks, when I have some free time to safely tinker with my browser setup.

        • Vlad replied to this.

              thebearmaster

              Great feedback!

              I understand now that my confusion was from the fact that I didn't have any 3rd party

              We consider Safari passwords to be '3rd' party in relation to Orion. Basically everything outside of Orion is 3rd party. This is simply because while Safari is popular, it is not even the most popular browser on macOS and many people use a third party password provider that is not using system keychain.

              though from the menu item's description, I had instead expected to be given a list of providers to select from.

              This is only because you have one password provider (Safari system keychain) available so we automatically 'click on that' option in the menu that you would otherwise get. If you had multiple you would get a menu like this:

              This menu is produced by system after us calling an API for it.

              'Default password provider' with additional captions to inform the user of this

              Can you expand on default captions (we are looking for exact text to use).

              If I want to use passwords saved in Safari, I need to select 'Password Providers...', which re-targets the 'Passwords...' menu item (maybe 'Safari keychain' can be added as an explicit Password Provider menu item to avoid confusion?)

              We do not know what options are available until user clicks on it and the content of the Password Providers menu is rendered by system at runtime, not by us.

              Setting the password provider in Orion settings to '3rd party provider' simplifies this step (i.e. re-targets the passwords db without my having to select 'Password Providers...')

              Correct that is why we added this option.

              (again maybe worth explaining as caption text in the settings item?)

              Can you expand on the text?

              In general the easiest is to just use Orion keychain. You can even import all safari passwords to it so it is all native and avaialble. It is secure and uses same tech as Safari. And you can even use passwords you save to Orion keychain in Safari natively or export them later if you do not want to use Orion. The limitations of UX are mainly because of the limitations of available Apple APIs on macOS.

              Your feedback is immensely helpful to understand your journey as a user. We would greatly appreciate your guidance in helping explaining this to new users from a UX/documentation perspective.

                  Vlad

                  'Default password provider' with additional captions to inform the user of this
                  Can you expand on default captions (we are looking for exact text to use).

                  Caption when 'Orion Keychain' selected in Orion Settings > Passwords:

                  • New passwords are saved to Orion Keychain, accessible from other browsers that support Password Autofill.
                  • Passwords from other providers such as Safari, 1Password or Strongbox can still be used, but not updated.

                  Caption when '3rd party provider' selected:

                  • Passwords from providers such as Safari, 1Password or Strongbox can be used, but not updated.

                  An alternative design to the popup button with choices, could be a 'Use Orion Keychain' toggle button, i.e.:

                  [x] Use Orion Keychain

                  which can gray out the checkboxes in the Password Autofill section if de-selected, and defaults to 'on'.

                  This would make it clearer to the user what features they can expect to give up by not using Orion Keychain.

                  (again maybe worth explaining as caption text in the settings item?)
                  Can you expand on the text?

                  I think a 'Use Orion Keychain' toggle that disables the Password Autofill section checkboxes would make it clear enough to the user that if they go with 3rd party provider only (i.e. don't elect to use Orion Keychain), they won't be able to save new passwords.

                  One more suggestin: in the autofill menu,

                  • the 'Password Providers...' menu item when using Orion Keychain, may be more understandable if described as 'Other Password Providers...';
                  • it might flow better if it's at the end of the list (below 'Suggest new password...')

                  In general the easiest is to just use Orion keychain. You can even import all safari passwords to it so it is all native and avaialble. It is secure and uses same tech as Safari. And you can even use passwords you save to Orion keychain in Safari natively or export them later if you do not want to use Orion.

                  I've come to that understanding now. During on-boarding though, the mere thought of adopting another keychain made me wonder immediately about the prospect of the 2 password dbs going out of sync over time, whether I can cross-access them etc, all of which were hurdles towards a decision to import, and at a time when I was keen to test out the new browser.

                  Som, given it's a big ask to import the Safari keychain, these points you mentioned would definitely be appreciated by the tech savvy if they are made available during on-boarding, either as help text under a '?' button, or a link to a webpage.

                  The limitations of UX are mainly because of the limitations of available Apple APIs on macOS.

                  As a macOS developer I fully appreciate the 3rd-party-hostile API design problems you're up against, and salute Orion's efforts despite this.

                  • Vlad replied to this.

                      thebearmaster It would be wonderful if you could sythesize the recommended changes in one post, including the recommended text under a ? button (if you can specify which one you mean, it has been a while since I've seen onboarding) so that we can something actionable to pass on to dev team.

                          Just onboarded to orion and loving it.

                          However password management is big sticking point. I think I have got my head around how to use safari passwords as a 3rd party key chain and its only read only.

                          Next roadblock for me is that these days i use safari for OTP for onetime keycodes.

                          Is there any plans to include such functionality in Orion Password Manager?

                            Vlad Here goes.

                            Title: refine UI for keychain configuration and improve messaging for on-boarding

                            Suggestion for the keychain setting:

                            • change from pull-down button (mutually exclusive selection) to a toggle, e.g.: 
                              Default:
[x] Use Orion's Keychain

   [x] Offer AutoFill passwords from Orion's Keychain
   [x] Offer to save passwords in Orion's Keychain
   [x] Submit form automatically
   [x] Unlock with Touch ID

<caption, in secondary font style>
Orion's Keychain is synced over iCloud.
Passwords saved in Orion's Keychain can also be used in macOS / iOS Safari.
Passwords saved in Safari or 3rd party password providers can be accessed, but not updated. For the best Password Autofill exprience, import passwords into Orion's Keychain.
</caption>

Disabled:
[ ] Use Orion's Keychain
<disabled>
   [ ] Offer AutoFill passwords from Orion's Keychain
   [ ] Offer to save passwords in Orion's Keychain
   [ ] Submit form automatically
   [ ] Unlock with Touch ID
</disabled>

<caption>
Passwords saved in Safari or 3rd party password providers are available in Orion.
Using Orion's Keychain improves Orion's Password Autofill experience.
</caption>

                            Suggestion for the Import dialog:

                            • add a 'help' button next to the 'Passwords' checkbox
                            • link to help content or a web page that explains the following points:
                              • Importing passwords into Orion's Keychain results in the best experience (streamlined autofill, updates and suggestions)
                              • Importing passwords enables usage of Orion's Keychain;
                              • Orion's Keychain is managed the same way as Safari so is equally secure;
                              • Orion Keychain passwords are available in Safari and other browsers supporting Apple Password Autofill (read-only);
                              • Orion Keychain passwords can be exported back to Safari later if necessary;
                              • User can always (i.e. even when using Orion's Keychain) use Safari / password provider passwords for autofill in Orion

                            There are probably many people who can wordsmith the above points far better than me, so I'll leave that bit to those ppl. 😊

                            Background:

                            • Current scope of functionality for password autofill in Orion has nuances which could benefit from improved communication to users
                            • Above nuances, when not fully understood by user, could result in increased commitment anxiety during onboarding, for the decisions on the choice password db and whether to import the Safari keychain
                            • Current design of the keychain setting can result in inaccurate expectations by user; e.g. user can fail to understand that even if Orion keychain is selected, 3rd party keychain can still be accesed
                                6 days later

                                @thebearmaster launched a new version tday with a bunch of changes around clarifications based on your feedback!

                                  No one is typing