Skip to content

Commit 18ba1c6

Browse files
authored
Improve text in Security settings (#28393)
- en-US: Rename "Scratch Tokens" to "single-use recovery keys". Longer, but clearer. - Improve titles - TOTP: Improve description - TOTP: Inform user about Scratch Tokens to encourage TOTP usage - WebAuthn: Add loss of access warning
1 parent 4bf5653 commit 18ba1c6

File tree

3 files changed

+13
-7
lines changed

3 files changed

+13
-7
lines changed

options/locale/locale_en-US.ini

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -626,11 +626,11 @@ applications = Applications
626626
orgs = Manage Organizations
627627
repos = Repositories
628628
delete = Delete Account
629-
twofa = Two-Factor Authentication
629+
twofa = Two-Factor Authentication (TOTP)
630630
account_link = Linked Accounts
631631
organization = Organizations
632632
uid = UID
633-
webauthn = Security Keys
633+
webauthn = Two-Factor Authentication (Security Keys)
634634
635635
public_profile = Public Profile
636636
biography_placeholder = Tell us a little bit about yourself! (You can use Markdown)
@@ -864,29 +864,32 @@ revoke_oauth2_grant = Revoke Access
864864
revoke_oauth2_grant_description = Revoking access for this third party application will prevent this application from accessing your data. Are you sure?
865865
revoke_oauth2_grant_success = Access revoked successfully.
866866

867-
twofa_desc = Two-factor authentication enhances the security of your account.
867+
twofa_desc = To protect your account against password theft, you can use a smartphone or another device for receiving time-based one-time passwords ("TOTP").
868+
twofa_recovery_tip = If you lose your device, you will be able to use a single-use recovery key to regain access to your account.
868869
twofa_is_enrolled = Your account is currently <strong>enrolled</strong> in two-factor authentication.
869870
twofa_not_enrolled = Your account is not currently enrolled in two-factor authentication.
870871
twofa_disable = Disable Two-Factor Authentication
871-
twofa_scratch_token_regenerate = Regenerate Scratch Token
872-
twofa_scratch_token_regenerated = Your scratch token is now %s. Store it in a safe place, it will never be shown again.
872+
twofa_scratch_token_regenerate = Regenerate Single-Use Recovery Key
873+
twofa_scratch_token_regenerated = Your single-use recovery key is now %s. Store it in a safe place, as it will not be shown again.
873874
twofa_enroll = Enroll into Two-Factor Authentication
874875
twofa_disable_note = You can disable two-factor authentication if needed.
875876
twofa_disable_desc = Disabling two-factor authentication will make your account less secure. Continue?
876-
regenerate_scratch_token_desc = If you misplaced your scratch token or have already used it to sign in you can reset it here.
877+
regenerate_scratch_token_desc = If you misplaced your recovery key or have already used it to sign in, you can reset it here.
877878
twofa_disabled = Two-factor authentication has been disabled.
878879
scan_this_image = Scan this image with your authentication application:
879880
or_enter_secret = Or enter the secret: %s
880881
then_enter_passcode = And enter the passcode shown in the application:
881882
passcode_invalid = The passcode is incorrect. Try again.
882-
twofa_enrolled = Your account has been enrolled into two-factor authentication. Store your scratch token (%s) in a safe place as it is only shown once!
883+
twofa_enrolled = Your account has been successfully enrolled. Store your single-use recovery key (%s) in a safe place, as it will not be shown again.
883884
twofa_failed_get_secret = Failed to get secret.
884885

885886
webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
886887
webauthn_register_key = Add Security Key
887888
webauthn_nickname = Nickname
888889
webauthn_delete_key = Remove Security Key
889890
webauthn_delete_key_desc = If you remove a security key you can no longer sign in with it. Continue?
891+
webauthn_key_loss_warning = If you lose your security keys, you will lose access to your account.
892+
webauthn_alternative_tip = You may want to configure an additional authentication method.
890893

891894
manage_account_links = Manage Linked Accounts
892895
manage_account_links_desc = These external accounts are linked to your Gitea account.

templates/user/settings/security/twofa.tmpl

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@
1616
<button class="ui red button delete-button" data-modal-id="disable-twofa" data-type="form" data-form="#disable-form">{{ctx.Locale.Tr "settings.twofa_disable"}}</button>
1717
</form>
1818
{{else}}
19+
{{/* The recovery tip is there as a means of encouraging a user to enroll */}}
20+
<p>{{ctx.Locale.Tr "settings.twofa_recovery_tip"}}</p>
1921
<p>{{ctx.Locale.Tr "settings.twofa_not_enrolled"}}</p>
2022
<div class="inline field">
2123
<a class="ui primary button" href="{{AppSubUrl}}/user/settings/security/two_factor/enroll">{{ctx.Locale.Tr "settings.twofa_enroll"}}</a>

templates/user/settings/security/webauthn.tmpl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
<h4 class="ui top attached header">{{ctx.Locale.Tr "settings.webauthn"}}</h4>
22
<div class="ui attached segment">
33
<p>{{ctx.Locale.Tr "settings.webauthn_desc" | Str2html}}</p>
4+
<p>{{ctx.Locale.Tr "settings.webauthn_key_loss_warning"}} {{ctx.Locale.Tr "settings.webauthn_alternative_tip"}}</p>
45
{{template "user/auth/webauthn_error" .}}
56
<div class="flex-list">
67
{{range .WebAuthnCredentials}}

0 commit comments

Comments
 (0)