In a couple of Support tickets we've had it now that a customer thought he would be setting (as in defining or changing) the "Authentication Code" here in the CryptoToken edit dialog when of course this place only allows to save it for the Auto-activation feature. Perhaps this comes from the fact that the operator has to enter it twice here, which usually is a stereotype that is used for defining secrets.
(I totally understand why here in this case the GUI offers to enter and repeat it)
Could we try to make this more clear ?
Perhaps the Auto-activation checkbox could be moved above those input fields ?
Perhaps those two input fields could only be shown if the operator ticks/activates the Auto-activation checkbox ? Perhaps we could also have a placeholder="foo123" attribute set for those fields (if already auto-activated) which would end up to show some •••••• and make it more clear that something is already set.
Perhaps also we could have a small help text saying that if the operator wishes to change the Authentication Code, he will have to do so in a third party application depending of the HSM (brand).
Perhaps we could have that help text say that he has to do that in the "PKI Appliance WebConf" if the PKCS#11 Library is "internal HSM" ? Pretty please ?