Paul DwerryhousePossibly the most annoying UI trend of the last few years is websites changing from
[username] - [ password ] -> Login
to
[username] -> Next -> [ password ] -> Login
varx/tech@pdwerryhouse I think, although I am not sure, that this separation of username and password onto two screens is driven by heavy adoption of third-party authentication. Before they can ask for your password, they need to find out if you're actually going to be signing in via OAuth or something else instead.
(Well, that's one reason at least. I'm pretty sure banks started doing this about 10 years ago just to be ornery.)
Mathias@varx @pdwerryhouse Yes. E.g., if you are logging in at Microsoft, your password is sent to your organisation's AD depending on the domain used in the username.
@matthegap @pdwerryhouse Oh man, I just saw that for the first time recently. So sketchy! All this training to never enter your password on a site other than the one it was registered with, and Microsoft just ambles up and says "hey, we'll log in for you, don't worry about it".
Sören@varx @matthegap @pdwerryhouse it’s the opposite. It’s so that when your own org handles auth, Microsoft *doesn’t* get your credentials
@chucker @matthegap @pdwerryhouse Not what I'm seeing!
To demonstrate, here's what I see if I go to edx.org and try logging in via Microsoft. I've entered a real 2u.com email address (not mine) to show what the password entry screen looks like.
It's asking me to enter the password that was set in the OneLogin system, not the one that was set in the Microsoft system. I'm not sure whether there's some kind of Active Directory style password sync going on or Microsoft's login server is going to relay the password to OneLogin, but either way it's an example of a website asking you to enter a password that is for a different origin.
@chucker @matthegap @pdwerryhouse Certainly it is true that on *most* sites, this would instead be a redirect involving SAML or a similar flow, but in this one it just straight-up asks for the password on the second screen.