Conversation
zachmargolis
left a comment
zachmargolis
left a comment
There was a problem hiding this comment.
LGTM. Do you think we should add a regression feature spec that checks the labels associated with out OTP fields and makes sure they don't have the work security?
Good question. At the moment, it was |
Right -- my thinking is the spec would help us prevent accidentally re-adding it in like a year or so, if we did a copy review and wanted to add back in the word security. If none of the people on the team remember this PR, the spec would help remind us we removed it on purpose |
I don’t feel strongly, but I’d be ok not testing for this. We could add a comment to the translation? |
Thanks for all the feedback! I added a comment to the yaml files, I also realized that this only tiggers for labels, element names and ids, so we can have that string other places. I did create another ticket for content to go through and standardize the help docs with the updated language as well. |
3 participants
What
When using one-time security codes, ios devices prompt the user to autofill or scan credit card information.
More info and screenshots available in the Jira ticket: https://cm-jira.usa.gov/browse/LG-6047
Why
After a lot of experimentation on deployed sandbox environments, because ios devices don't prompt on locally hosted environments, the issue was identified as the string
security codein the label for the input. Only english was affected, but for consistency we're updating the translation for French and Spanish. There are other language considerations, help docs, etc. but those will be addressed in another ticket.Testing
You can test this by going to https://idp.ssteiner.identitysandbox.gov/, login, and use sms for mfa verification. Select the input and notice the keyboard section. On production you'll see an autofill or scan credit card area at the top of the virtual keyboard. That should be empty in the sandbox environment.