When confirming a user in an organization, you are presented with a checkbox with this text:
Don’t ask to verify fingerprint phrase again
This text is ambiguous. It is unclear what this means. Here are some possible interpretations:
The currently logged-in user will never be asked to verify anyone’s fingerprints for any organization.
The currently logged-in user will never be asked to verify this specific fingerprint for the user in question for any organization.
No user will ever be asked to verify anyone’s fingerprint again for the current organization.
I suggest improving the clarity of the text for this field to indicate the scope of users and organizations that it applies to.
Also, there needs to be a method to reverse this setting. I could not find a way to reverse the setting at all. If the box is checked by accident, it should be obvious where to look for this setting. I can think of two approaches:
Put the toggle directly in the org users page.
Instead of presenting a checkbox, link the logged-in user to the settings page where this setting is toggled.
I’d like to offer a slightly different solution: remove that checkbox from the “Confirm user” dialog.
Reason: one click of this will reduce security, and you may not notice because you’re no longer prompted to verify a new user again. Presenting this checkbox every single time you confirm a user increases the chance that someone will accidentally check it. (Marking it “not recommended” doesn’t reduce the risk.)
If this option should be available at all, it should be in the formal “Settings” section of the account, and should include an appropriate warning message. It should definitely NOT be on that dialog.