Back in the old times, on the sites I log in regularly, my browser filled in both username and password. I clicked “Log in” once, and I was set to go.
But no more. Now it’s all first a username, then a password. From what I saw, Apple started this many years ago, but now this bother really spread. And it’s not like I can just double-click on the same screen area, oh no. Animations make sure that I have to wait several hundred milliseconds before the password field is there, and depending on the site, I even have to select from my browser, which login I want to use, twice!
Why, oh why?
All my screens are really big enough to display 2 text fields. What are arguments for this behavior? I don’t see any.
Federation. Your email address could either be local creds, or federated with google, Microsoft, Facebook, Apple, etc.
When you submit your email address, it determines how you will be authenticating when you submit it.
That could be done after the user enters both the email/username and password
Edit: sorry, I think I misunderstood what you said, but if someone is using something like “sign in with google”, we’ve had separate buttons for that for ages.
I believe it is so they can support various different SSO providers.
Like, oh you’re trying to log in as Peter, well you’re a member of the Initech domain, which uses the Initrode SSO, so let me redirect you to their SSO login page.
Oh, you’re Bill, you just use a password you pleb. Here’s your text box.
There’s two reasons I can think of. One is direct resistance by services to password auto-fill during the aughts (it was new and scary) and separating the account field and pass field defeated auto-fill detection at the time. Amazon separated account and password around then and it’s been that way since.
The other is your secret picture, a preventative measure against phishing attacks used by banks and other commercial interests, When you create an account, you’re asked to select a stock image and a phrase that the site shows you when asking for your password. That way you know it’s really the bank’s site and not a phishing site.
Right now I think I have only one web account that uses such a protection.
As tech gets progressively faster we must find ways to make software slower and less usable otherwise it would be too convenient /s
Nowadays it is possible to set up many services in such a way that you authenticate in a different way from a password, for example with an app on a smartphone. Such services can’t ask you for your password until you have told them what account you want to log into because it might turn out you have to give them something other than a password.