Cisco IOS EOL confirmation

I am assisting in a network security review and am looking at EOL for some Cisco devices, specifically used with Cisco Unified Communications I have a VG224 Analog gateway and 3952 Voice gateway. The running configs for both indicate version 15.1. Based on all the EOL notices I have seen from CISCO, it appears that 15.1 is no longer supported, with 15.1(4) being the last of it. Am I correct on this? Also, it looks like the VG224 are also EOL. Appreciate feedback.

What should a e-mail address confirmation e-mail say?

I’m sending out an e-mail containing a link to prove the user had registered with an e-mail address they have access to.

  1. What is the name of such an e-mail? Verification e-mail, confirmation e-mail, account activation or something else? In a similar sense what is the name of the link in the e-mail?

  2. What should the e-mail say? I want to make this accessible to non-technically inclined users.

  3. What should the subject of the e-mail be?

In a booking confirmation page, is it good UX to tell the user they have an option to cancel once they have booked?

We want to keep the page as simple as possible with the appointment schedule, booking fee and payment method.

But when keeping in mind a user-centric approach, a problem that might arise would be:

What if the user wants to know if they can still cancel the booking?

Would it be a distraction to the main flow(booking) if we explain to them the cancel policy in the confirmation page?

The policy goes something like :

“You may cancel at least 24 hours before the appointment schedule to get a 100% rebate.”

Take note that this app only charges the booking fee and a rebate would be given after they have cancelled, the payment for the service would be done after the service has been made.

One of the stakeholders also said that: “It would give the idea that we aren’t confident of our bookings because we give the users an idea that they can cancel”

Identity confirmation using PIN to decrypt previously issued token

I am building an app (for web and mobile) that requires a user pass two stages of authentication/authorisation in order to access a server-side API and subsequently use the app. First, they must supply valid credentials (username/password). Second, they must meet a series of variable criteria, for example the current time being within a defined range.

I am planning to implement this through the use of two tokens:

  • A long-term, randomly generated, opaque session token
  • A short-lived JWT authorisation token, with self-contained user and expiry data

On the client side, the presence of the session token would allow the user to skip re-entering their (hopefully long and complex) username/password. On the server side, a valid session token would be required to issue an authorisation token, and a valid authorisation token would be required to access the API.

While the goal of the session token is to simplify access (particularly on mobile devices) by removing the need to enter full username/password, I would prefer the user still re-confirm their identity before a new authorisation token is issued. A shorter numeric PIN (or potentially a fingerprint/face scan on supported devices) could allow this.

However, storing such a PIN along with the user’s other data on the server would require full management facilities, as with their password (“I forgot my PIN”). To avoid this overhead, I am thinking about the following approach.

On initial login (no known session token):

  • Ask for and submit username, password, and PIN.
  • If username/password are valid, generate the session token.
  • Encrypt the session token under a key derived from a server-known secret plus the submitted PIN.
  • Return the encrypted session token to the client.

On subsequent login (known session token):

  • Ask for PIN.
  • Submit PIN and encrypted session token.
  • Decrypt the session token, using the submitted PIN, and compare the result to that stored on the server.
  • If the decrypted session token matches a valid session, the user has confirmed their identity and an authorisation token can be issued.

In my mind, this allows a simple “identity confirmation” step with little overhead. The user can reset their PIN at any time simply by fully logging out and logging back in again, choosing a new PIN. And while the PIN is short and simple, it is combined with a server-known secret in order to derive the encryption key, so an offline brute-force of the encrypted session token should be extremely difficult. And server-side use of a slow key derivation function, rate limiting, and lockouts on failed attempts should mitigate online attacks on the PIN.

So my question is: is my thinking correct? Is this a secure way to achieve my goal?

Closing app via keyboard shortcut — should there be a confirmation dialogue?

There are many ways to close apps: mouse-and-click on an ‘x’ somewhere, choose “Quit” as a menu option, keyboard shortcuts (ctrl-w, cmd-q, alt-f4 etc.)

I notice some apps I use ask me “Are you sure you want to exit?” when I try to close them.

What are the UX guidelines as to when there should be an “Are you sure you want to exit?” confirmation dialogue?

How to uninstall Citrix Receiver package with confirmation

I am trying to run a command line task on a HP thin Client to uninstall citrix receiver.

The task runs the below command on the client.

sudo apt-get –purge remove -y icaclient-term

it shows it has completed successfully but when I check I can see the receiver is still installed.

On x-terminal I can successfully uninstall by just running sudo apt-get –purge remove icaclient-term

What is the correct command to unsintall with a confirmation when prompted for y/n?

Best place to show a confirmation modal in a purchase flow

So, I’m working on an insurance ecommerce and would like to get input on where to show a confirmation modal. Let’s say I am in the summary page, and there’s a “Change Plan” button to choose another plan. I have to options where to show the confirmation modal

Option 1. Once the user clicks the “Change button”, s/he is redirected to the Plans Page. And right after the user clicks the “I want this plan” button to commit the change, show the modal.

Option 2. Show the modal in the Summary Page right after the user clicks the “Change Plan” button. And then redirect the user to the Plan Page.

I feel option 1 works better as the modal is shown right before committing the change, but option 2 can work as well. Any feedback is appreciated.

Prototype that shows both options https://www.figma.com/proto/nuRTOn8ZdMjGLkHrQXOZge/Untitled?node-id=6%3A38&viewport=-570%2C195%2C0.6362286806106567&scaling=min-zoom