Misplaced warning about overwriting password

STEPS: Using the Windows desktop app, select a login item and click the edit button. Go to the password field and click the generate password button.

RESULT: A popup is displayed saying, “Are you sure you want to overwrite the current password?”

EXPECTED: No extra popups.
The popup can be eliminated by 1) adding a message within the generator when it is opened this way saying something like, “Click Select to overwrite the password on the current item” 2) upon Select being clicked, show an animation in the password field to indicate that it has changed such as having the text blink once or twice.

The extra protection of the popup is not needed if the user otherwise knows that the password on the current item is being changed. If a mistake is made, the old password can be recovered using password history.

If you are changing many passwords at once, every additional click is an annoyance and hindrance.

I completely agree. The user is already providing three independent affirmations that they wish to change the password, by:

  1. Clicking the :arrows_counterclockwise: icon in the Password field, which by itself directly communicates an intent to change the password.

  2. Clicking Select to replace the old password.

  3. Clicking Save to explicitly confirm that changes made should be kept.

And if a user somehow manages to unintentionally overwrite their password by completely sleep-walking through these three steps, then there is still an option to retrieve the previous password from the Password History.

Thus, the extra “Are you sure?” prompt — which now brings the total number of user affirmations to four — is completely superfluous (and as noted by OP, impedes efficient use of Bitwarden by requiring an unnecessary additional mouse-click).

I would further note that the UX here is inconsistent, since the “Are you sure?” warning does not pop up if manually overwriting the password, only when using the Password Generator.

If Bitwarden does not wish to eliminate this pop-up altogether, then I would propose two essential changes:

  1. The “Are you sure?” pop-up should appear when clicking Select in the generator, not when clicking the :arrows_counterclockwise: icon in the Password field.

  2. The pop-up prompt should include a user-checkable option for “Do not show this message again”.

1 Like

Well, I don’t agree. For context for all others: with the new browser UI, that warning is gone now.

But I don’t agree with your description here as - I’m talking about the new UI now - the user doesn’t necessarily have to provide three independent affirmations, as in your three points, as the user also just in editing mode can accidentally get into the password field and change something accidentally here without realizing it.

No “communication of intent” then. Even by clicking “save”, that was not an affirmation of changing the password then.

Of course, as you write, that “sleep-walking scenario” can be reverted.

But I would argue that (almost?) everywhere else in using computers, you are asked if you want to overwrite important data or not. I would consider it good UX to not have to worry about accidentally changing passwords to accounts, and to rely on those ubiquitous warning messages.

… Oh …

Just now, I saw, you already commented on that:

Anyway, I leave my comment as it is. :sweat_smile:

Yes, they do — in fact, it is four independent affirmations:

  1. Clicking the Edit button, which communicates an intent to make modifications.
  2. Clicking the :arrows_counterclockwise: icon in the Password field, which by itself directly communicates an intent to change the password.
  3. Clicking Use this password to replace the old password.
  4. Clicking Save to explicitly confirm that changes made should be kept.

The only changes relative to the old UI are that the “Select” button has now been renamed to “Use this password”, and that the superfluous prompt after the second step has thankfully been eliminated.

If your argument is that a user may be intending to edit a different field (not the password), then that only removes Affirmation #1 and Affirmation #4 — there are still two independent affirmations that the user intends to update the password (and a safety hatch, as previously described).

I think you may have been talking about what happens when a user manually edits the password, and by now have realized that the old UI also never provided a warning for this action. Personally, I wouldn’t mind if a warning is shown only when manually editing a password field. But such a warning should state the following:

Are you sure that you want to manually edit the random password? Manually edited passwords tend to be weak.

1 Like