5

Vlad

Vlad This can be any 3rd party service indeed, for example Strongbox integrates with native keychain as well.

Thanks for the clarification. I understand now that my confusion was from the fact that I didn't have any 3rd party service, resulting in this pulldown content:

I've found that selecting 'Password Providers...' is required for me to use passwords for the Safari keychain, though from the menu item's description, I had instead expected to be given a list of providers to select from.

So in a nutshell, here are the (useful!) facts I learned which were hidden behind a fair bit of trial-and-error:

  • Selecting a password provider in Orion settings does not preclude me from (what sounds to be read-only) access of other sources of passwords, such as Safari's keychain (maybe the label should be changed to 'Default password provider' with additional captions to inform the user of this?)
  • If I want to use passwords saved in Safari, I need to select 'Password Providers...', which re-targets the 'Passwords...' menu item (maybe 'Safari keychain' can be added as an explicit Password Provider menu item to avoid confusion?)
  • Setting the password provider in Orion settings to '3rd party provider' simplifies this step (i.e. re-targets the passwords db without my having to select 'Password Providers...'), but I give up the option to save passwords (again maybe worth explaining as caption text in the settings item?)

I have a hunch these scenarios may be mute if I chose to be on-boarded with a full import of Safari data. I'm hoping I can try that in earnest in some time in the next few weeks, when I have some free time to safely tinker with my browser setup.

  • Vlad replied to this.

        thebearmaster

        Great feedback!

        I understand now that my confusion was from the fact that I didn't have any 3rd party

        We consider Safari passwords to be '3rd' party in relation to Orion. Basically everything outside of Orion is 3rd party. This is simply because while Safari is popular, it is not even the most popular browser on macOS and many people use a third party password provider that is not using system keychain.

        though from the menu item's description, I had instead expected to be given a list of providers to select from.

        This is only because you have one password provider (Safari system keychain) available so we automatically 'click on that' option in the menu that you would otherwise get. If you had multiple you would get a menu like this:

        This menu is produced by system after us calling an API for it.

        'Default password provider' with additional captions to inform the user of this

        Can you expand on default captions (we are looking for exact text to use).

        If I want to use passwords saved in Safari, I need to select 'Password Providers...', which re-targets the 'Passwords...' menu item (maybe 'Safari keychain' can be added as an explicit Password Provider menu item to avoid confusion?)

        We do not know what options are available until user clicks on it and the content of the Password Providers menu is rendered by system at runtime, not by us.

        Setting the password provider in Orion settings to '3rd party provider' simplifies this step (i.e. re-targets the passwords db without my having to select 'Password Providers...')

        Correct that is why we added this option.

        (again maybe worth explaining as caption text in the settings item?)

        Can you expand on the text?

        In general the easiest is to just use Orion keychain. You can even import all safari passwords to it so it is all native and avaialble. It is secure and uses same tech as Safari. And you can even use passwords you save to Orion keychain in Safari natively or export them later if you do not want to use Orion. The limitations of UX are mainly because of the limitations of available Apple APIs on macOS.

        Your feedback is immensely helpful to understand your journey as a user. We would greatly appreciate your guidance in helping explaining this to new users from a UX/documentation perspective.

            Vlad

            'Default password provider' with additional captions to inform the user of this
            Can you expand on default captions (we are looking for exact text to use).

            Caption when 'Orion Keychain' selected in Orion Settings > Passwords:

            • New passwords are saved to Orion Keychain, accessible from other browsers that support Password Autofill.
            • Passwords from other providers such as Safari, 1Password or Strongbox can still be used, but not updated.

            Caption when '3rd party provider' selected:

            • Passwords from providers such as Safari, 1Password or Strongbox can be used, but not updated.

            An alternative design to the popup button with choices, could be a 'Use Orion Keychain' toggle button, i.e.:

            [x] Use Orion Keychain

            which can gray out the checkboxes in the Password Autofill section if de-selected, and defaults to 'on'.

            This would make it clearer to the user what features they can expect to give up by not using Orion Keychain.

            (again maybe worth explaining as caption text in the settings item?)
            Can you expand on the text?

            I think a 'Use Orion Keychain' toggle that disables the Password Autofill section checkboxes would make it clear enough to the user that if they go with 3rd party provider only (i.e. don't elect to use Orion Keychain), they won't be able to save new passwords.

            One more suggestin: in the autofill menu,

            • the 'Password Providers...' menu item when using Orion Keychain, may be more understandable if described as 'Other Password Providers...';
            • it might flow better if it's at the end of the list (below 'Suggest new password...')

            In general the easiest is to just use Orion keychain. You can even import all safari passwords to it so it is all native and avaialble. It is secure and uses same tech as Safari. And you can even use passwords you save to Orion keychain in Safari natively or export them later if you do not want to use Orion.

            I've come to that understanding now. During on-boarding though, the mere thought of adopting another keychain made me wonder immediately about the prospect of the 2 password dbs going out of sync over time, whether I can cross-access them etc, all of which were hurdles towards a decision to import, and at a time when I was keen to test out the new browser.

            Som, given it's a big ask to import the Safari keychain, these points you mentioned would definitely be appreciated by the tech savvy if they are made available during on-boarding, either as help text under a '?' button, or a link to a webpage.

            The limitations of UX are mainly because of the limitations of available Apple APIs on macOS.

            As a macOS developer I fully appreciate the 3rd-party-hostile API design problems you're up against, and salute Orion's efforts despite this.

            • Vlad replied to this.

                thebearmaster It would be wonderful if you could sythesize the recommended changes in one post, including the recommended text under a ? button (if you can specify which one you mean, it has been a while since I've seen onboarding) so that we can something actionable to pass on to dev team.

                    Just onboarded to orion and loving it.

                    However password management is big sticking point. I think I have got my head around how to use safari passwords as a 3rd party key chain and its only read only.

                    Next roadblock for me is that these days i use safari for OTP for onetime keycodes.

                    Is there any plans to include such functionality in Orion Password Manager?

                      Vlad Here goes.

                      Title: refine UI for keychain configuration and improve messaging for on-boarding

                      Suggestion for the keychain setting:

                      • change from pull-down button (mutually exclusive selection) to a toggle, e.g.: 
                        Default:
[x] Use Orion's Keychain

   [x] Offer AutoFill passwords from Orion's Keychain
   [x] Offer to save passwords in Orion's Keychain
   [x] Submit form automatically
   [x] Unlock with Touch ID

<caption, in secondary font style>
Orion's Keychain is synced over iCloud.
Passwords saved in Orion's Keychain can also be used in macOS / iOS Safari.
Passwords saved in Safari or 3rd party password providers can be accessed, but not updated. For the best Password Autofill exprience, import passwords into Orion's Keychain.
</caption>

Disabled:
[ ] Use Orion's Keychain
<disabled>
   [ ] Offer AutoFill passwords from Orion's Keychain
   [ ] Offer to save passwords in Orion's Keychain
   [ ] Submit form automatically
   [ ] Unlock with Touch ID
</disabled>

<caption>
Passwords saved in Safari or 3rd party password providers are available in Orion.
Using Orion's Keychain improves Orion's Password Autofill experience.
</caption>

                      Suggestion for the Import dialog:

                      • add a 'help' button next to the 'Passwords' checkbox
                      • link to help content or a web page that explains the following points:
                        • Importing passwords into Orion's Keychain results in the best experience (streamlined autofill, updates and suggestions)
                        • Importing passwords enables usage of Orion's Keychain;
                        • Orion's Keychain is managed the same way as Safari so is equally secure;
                        • Orion Keychain passwords are available in Safari and other browsers supporting Apple Password Autofill (read-only);
                        • Orion Keychain passwords can be exported back to Safari later if necessary;
                        • User can always (i.e. even when using Orion's Keychain) use Safari / password provider passwords for autofill in Orion

                      There are probably many people who can wordsmith the above points far better than me, so I'll leave that bit to those ppl. 😊

                      Background:

                      • Current scope of functionality for password autofill in Orion has nuances which could benefit from improved communication to users
                      • Above nuances, when not fully understood by user, could result in increased commitment anxiety during onboarding, for the decisions on the choice password db and whether to import the Safari keychain
                      • Current design of the keychain setting can result in inaccurate expectations by user; e.g. user can fail to understand that even if Orion keychain is selected, 3rd party keychain can still be accesed
                          6 days later

                          @thebearmaster launched a new version tday with a bunch of changes around clarifications based on your feedback!

                            No one is typing