I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we’re logged in.

This makes using a password manager super annoying, because I have to trigger the autofill twice.

Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I’m just really curious, because it seems so pointless on its face, but it seems to be spreading.

  • D3mon
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    On applications I’ve worked on, pretty much every time we’ve integrated SSO using oauth we’ve modified the entire login form to look the same. That means enter email, and we either send you to your provider login page or we show a password prompt after. Not a good reason in my opinion, but one that shows a similar UI regardless of login type.

    • invicticide@programming.devOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Ah yeah, this makes sense.

      I have seen other services include an explicit SSO link under the user/pass form, which IMO is clearer what’s actually going on, but I’m sure that structure hopelessly confuses lots of less technical users, too.