[discussion] scratch token UX

[tkgroot]

Its easy to overlook the scratch token if presented after enrolling 2FA. I find it to subtle presented and easy to miss.

A modal/popover or something more “in ya face” might be better to not forget to store that key, since its important. Even the opportunity to block users to proceed without having at least stored it to the clipboard, might be an option here.

[wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf]

I commented on the linked PR (#14129 ), just now noticed this issue, sorry.

I was arguing against using modal popup windows, especially for things so essential as e.g. 2FA tokens or app tokens.
While I am completely on the on side for highlighting the prominent information on the page, I am not convinced using a popup window is the best way to go about it.
Might be a personal distaste of modals (I find them distracting) and I am sure there is another way to more gently grab users attention. This blocking, kind of hijacking-my-screen nature of modals is what I don't like, probably.

And finally just an absolutely off the record anti-opinion - if one still manages to overlook the token and chooses to close the window instead of looking further, it can still be rather easily regenerated and nothing happens.