why do so many sites make you log in with a box for you to put your email which you have to submit before they'll show the password box and then you have to submit that again, what possible purpose does it serve?? I assume it's not checking your email is on their system before letting you enter a password cos that sounds like a security flaw
@wolfie I think it's mostly because some people will be logging in via Single Sign-On according to their account settings, and therefore won't be prompted for a password.
In the early days of this practice, it really messed with password managers, but now they seem to handle it better. I'm not sure on which end things improved.
I don't think it meaningfully helps against brute force attempts, though.
@varx I'm not sure what you mean by single sign on? On any site I've ever seen this I have to enter the email/username and then it loads the password box after you submit
@varx ah, thanks for explaining, I've only ever seen the SSO process be triggered by specifically clicking the "sign in with X service* button on a page that also has a username and password box rather than typing the email and triggering it so I wouldn't have associated that, the hide the password type of login has mostly happened to me on sites that afaik didn't have SSO
@wolfie I've also seen it on some sites that I'm _pretty_ sure don't use SSO, like credit unions, but financial institutions also tend to do cargo cult security sooooo... 🤷
A silly instance of Mastodon for queer folk and non-queer folk alike. Let's be friends!