I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we’re logged in.

This makes using a password manager super annoying, because I have to trigger the autofill twice.

Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I’m just really curious, because it seems so pointless on its face, but it seems to be spreading.

  • body_by_make@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    They usually just check if it needs to go to an SSO sign in. The only thing that will happen is if the email or org id you entered belongs to an SSO identity then you’ll be taken somewhere else to login. Otherwise, whether the username/email exists or not, it’s the same password flow.