Repeat after me: Separating username and password fields onto separate (fucking responsive) pages WILL NOT INCREASE FUCKING SECURITY IN ANY WAY! IT WILL JUST MAKE PASSWORD MANAGERS WORK WORSE AND THUS IT WILL FUCKING DECREASE SECURITY!!!
@ondrej @mistercharlie Isn’t this done to support identity federation? Enter my work email and it redirects to my work identity tool (Entra, Okta, Google, etc) which logs me straight in with SSO. Enter my personal email and it asks for a passkey that I set up. Enter another email address and it asks for a password and authenticator code. Without knowing the identity first, how should it present the appropriate fields for authentication which that federated identity uses (if any)?
@tuckerjj @ondrej @mistercharlie Right, that was my understanding of why this is done, too.
@kagan That’s the reason in a tiny minority of cases. For the rest, the reason is superstition: some dickhead at company B saw such a login form by company A, didn’t know why it was done that way, concluded it must be for security reasons, made the team do the same, and told customer service to tell people who complain that it’s for their own safety.
@tuckerjj @ondrej @mistercharlie
@oscherler @tuckerjj @ondrej @mistercharlie I don't know how we could possibly survey all the sites out there and find out how true this is, but... I find this all too depressingly believable.
@oscherler @kagan @tuckerjj @ondrej @mistercharlie and also SSO can be done with an SSO button. Much clearer
@wyri @oscherler @kagan @ondrej @mistercharlie A lot of users won’t have a clue what this is. Enter their email address and it’ll pick automatically.
@tuckerjj @oscherler @kagan @ondrej @mistercharlie yeah that's fair, also have to say my password manager is getting pretty good at it.