Add metrics for user's use of password managers #232
Comments
|
Thanks @gene1wood. I'll try and implement this GA event in the current sprint. NLX has a cc @hmitsch |
|
Our current
For this particular use case, I would suggest this:
|
|
These GA category and actions look great! |
To satisfy mozilla-iam#232 Signed-off-by: Hidde de Vries <[email protected]>
|
@gene1wood's heuristic is now implemented and visible in staging. This can be tested, because our Google Analytics functionality will:
(ie whatever you see appear in Dev Tools in staging, will be logged in GA for users that have DNT disabled). @rleitan this is now ready for test. I found it recognises LastPass input as 'machine', but 1Password as 'human'. Looking forward to hearing what your tests show. |
|
Interesting. I'm curious how 1Password fills the password in to produce the timing that maps to Human. I'll see if I can find someone with 1Password today and debug it. |
|
@gene1wood I am a 1Password user. If you want, we can look at this during my (late) evening hours. |
|
I've just readded the code that logs key presses and start/end to the Console in the browser Dev Tools, for easier debugging. |
|
I can confirm. My 1Password is also recognized as
|
|
Metrics for user's use of password managers testing on Mac (Safari) is blocked because of bug #239 |
|
This is what console output is for a lastpass filled login Lastpass1Password@hidde As someone who understands the flow a bit better, do these vastly different console outputs between lastpass and 1password reveal anything to you? Why does |
|
I've resolved the issue with 1Password and the new code is live in dev. I've created a PR from development to master, #245 |
|
This is now live in production as of 1:56pm PDT |
In order to gather metrics on our users' use of password managers, I'd like to add a small test when they interact with the password field for LDAP login. I'd also like to emit the results of this test to Google Analytics.
Please add the following functionality to NLX. I've tested this with Lastpass and it correctly differentiates a human from Lastpass.
Add Google Analytics
Add in Google Analytics using a Do Not Track respecting wrapper.
The GA code looks like this.
Our GA tracking code for NLX is
UA-84301250-4. If you don't have access to our Mozilla Google Analytics let me know and I can probably help get you access.The Mozilla recommended way to wrap this to respect DNT is described here by Schalk Neethling (Shalk had me use archive.org while he figures out why his blog is down).
I don't know if you want to use his dnt-helper script or just incorporate the logic into NLX.
One thing I see missing from these examples is what to do so that the
gamethod which is called later doesn't cause an error as if DNT is set to yes, thegamethod won't be defined.Record the password entry timing
In my code I'm using jQuery to create an event triggered function on keypress in the password field. If we don't use jQuery I'm assuming it's trivial to do this without it.
Record the epoch time when the user first types a key in the field and when they last type a key. This is to accommodate password managers that actually type keys.
Some password managers don't even trigger keypresses which makes it all the easier
Check the timing and emit the metric
When the user submits their LDAP password, check the timing of the keypresses you've recorded and emit events to GA
I'm proposing an
eventCategoryofldap-login-formandeventActions ofmachine-typed-passwordandhuman-typed-password. Feel free to suggest better ideas.The text was updated successfully, but these errors were encountered: