Source string changeKdfLoggedOutWarning is inaccurate/misleading

On March 10, 2023, @bwjflinn changed the source string for changeKdfLoggedOutWarning from:

“Proceeding will log you out of your current session, requiring you to log back in. Active sessions on other devices may continue to remain active for up to one hour. We recommend exporting your vault before changing your encryption settings to prevent data loss.”

to:

“Proceeding will log you out of all active sessions. You will need to log back in and complete two-step login setup. We recommend exporting your vault before changing your encryption settings to prevent data loss.”

It is not clear why the statement “You will need to … complete two-step login setup” was added. This information is inaccurate, because changing the KDF settings does not affect the 2FA settings, so the user who proceeds with the KDF changes does not need to complete two-step login setup when logging back in.

The current wording of the message is already leading to user confusion, including the following examples:

I suggest that the changeKdfLoggedOutWarning source string be changed to the following:

“Proceeding will log you out of all active sessions, requiring you to log back in. To prevent data loss, we recommend exporting your vault before changing your encryption key settings.”

This correction should be made a.s.a.p., before approving pending translations of the changeKdfLoggedOutWarning string.

I already had one Reddit user who was confused by this. Here is the alternate wording I would suggest:

You will need to log back in, including any two-factor authentication required by your account.

Your suggested wording will need some tweaking, as it doesn’t seem grammatically sound.

Perhaps:

“Proceeding will log you out of all active sessions. You will need to complete the login process again, including any two-step login method required for your account. To prevent data loss, we recommend exporting your vault before changing your encryption key settings.”

Here’s yet another Reddit comment from a concerned user who was confused by the notice about needing to “complete two-step login setup” after changing the KDF settings:

It says I need to update my KDF settings and before doing so I should export my vault, which I did, and to also set up 2-step authentication. So I would have to use 2-step all the time going forward? For myself it’s not a huge deal, but that kind of shit just loses my wife. She gets aggravated and then just goes back to using the same 4 passwords for everything again which I don’t want her to do.

Thanks @grb, will pass that along to the team.