Back in the old times, on the sites I log in regularly, my browser filled in both username and password. I clicked “Log in” once, and I was set to go.
But no more. Now it’s all first a username, then a password. From what I saw, Apple started this many years ago, but now this bother really spread. And it’s not like I can just double-click on the same screen area, oh no. Animations make sure that I have to wait several hundred milliseconds before the password field is there, and depending on the site, I even have to select from my browser, which login I want to use, twice!
Why, oh why?
All my screens are really big enough to display 2 text fields. What are arguments for this behavior? I don’t see any.
A lot of services these days support multiple forms of authentication. Did you sign up with a separate password? Did you use Google or Facebook auth? Is this a corporate account where auth is via their SSO? They don’t even know whether they should ask for your password until they know who you are.
That’s the best explanation I heard so far.
As someone who just built one of these, that is the exact reason we did it.
It would be cool if users just remembered which service they used to sign in, but they often don’t, so this is the next best thing. Tell us your email, we look up which service you used, then send you to that service to complete the login.
Pro tip: leave the password field on the site but make it invisible. So when I am using my password manager to fill in the username, the password field will be filled out too. And I don’t have to use my password manager twice for one login.
1Password actually is really good at handling these two step login screens, for me it always autofills the password correctly
So far Bitwarden has been doing great for me, too.
Are you using the auto-fill on page load? I heard that is a security risk.
For me I have to <> <>, <> <>
To login to these forms, and on mobile this means unlocking my vault twice (which happens to be a bit annoying bc my Face ID is broken)
I do not use auto fill, no.
But at least you should be able to unlock your vault once and then keep it unlocked for a few minutes so you don’t need to double up. Maybe try the browser extension that you can get for Firefox (both desktop and mobile).
This is the answer. I’ve had to build it a handful of times and it always feels bad.
I wouldn’t mind the separate pages for username / password if the “remember me on this device” checkbox weren’t fucking useless 99% of the time.
Oh yes.
That probably is not covered by the functional cookies that’s the maximum which I allow any site.
Is it ever not useless?
I believe it is so they can support various different SSO providers.
Like, oh you’re trying to log in as Peter, well you’re a member of the Initech domain, which uses the Initrode SSO, so let me redirect you to their SSO login page.
Oh, you’re Bill, you just use a password you pleb. Here’s your text box.
Initech
You wouldn’t happen to have 8 bosses, would you?
Asking questions is a sign of upper management.
I think it’s due to single sign on (SSO) or other means of authentication (OAUTH), which is convenient when used.
But I agree, annoying if you use username and password.
yeah i noticed this as well. extremely annoying, i’m sick of UX getting shittier and more annoying for the vague promise of ‘security’. having to get my phone out to login to youtube is a fucking downgrade, plain and simple.
Google does this best. It hides the password field but it can still be picked up by bitwarden and other password managers so will already be auto-filled when you press next.
I still hate that form of login though.
Companies lose money when their customers get complacent with security. This is one method to increase engagement with the log in process to minimize inattention. Obviously it goes counter to the opposite goal of reducing friction with the UI, they try to balance somewhere between both.
