I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we’re logged in.

This makes using a password manager super annoying, because I have to trigger the autofill twice.

Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I’m just really curious, because it seems so pointless on its face, but it seems to be spreading.

  • 39Y523R
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’d love to see passwords die out.

    Me too, public key based authentication would be so much better, and safer too. But that would require intelligent end users, which is impossible.

    How would you replace it instead? Biometric?

    • dan@upvote.au
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      How would you replace it instead? Biometric?

      Biometric or certificate on a physical device (e.g. Yubikey) auth via Webauthn/FIDO2 is becoming more popular.