Back in the old times, on the sites I log in to regularly, my browser filled in both username and password. I clicked “Log in” once, and I was set to go.

But no more. Now it’s all first a username, then a password. From what I saw, Apple started this many years ago, but now this bother has really spread. And it’s not like I can just double-click on the same screen area, oh no. Animations make sure that I have to wait several hundred milliseconds before the password field is there, and depending on the site, I even have to select from my browser which login I want to use, twice!

Why, oh why?

All my screens are really big enough to display 2 text fields. What are the arguments for this behavior? I don’t see any.

  • boatswain@infosec.pub
    1 year ago

    So exposing information about users (how they log in) without authenticating that you’re someone authorized to have that information?

    The better way to do this is to just have “log in with Google” or whatever buttons.

    • bus_factor@lemmy.world
      1 year ago

      As I mentioned elsewhere in the thread, most users don’t remember what they used when they created the account, particularly if it’s something they don’t use often. It’s also cumbersome to have to input that, especially if you bundle that with an optional password field.

      That’s not to say you don’t have a point about leaking that information. Personally I’d be more concerned about leaking the fact that I have an account at all. If this is a concern for you, you are likely not inclined to use the likes of Google Auth or Facebook Auth. You’d be better off using a unique password for each service, storing them in some sort of password manager, and relying on the default behavior treating “local account” and “no account” the same in terms of showing you the password field.

      Maybe that’s not your preferred behavior, but it does allow you to keep that data private while simultaneously being easier to use for the SSO users.
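
The behavior described in the last comment, where a local account and no account both lead to the password field and only SSO accounts are redirected, as an added Python example (not code from the thread or from any site discussed; the account data, IdP URL and function names are hypothetical). The SSO branch is where the information raised in the earlier comment is exposed.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _local(password: str) -> dict:
    salt = os.urandom(16)
    return {"kind": "local", "salt": salt, "hash": _hash(password, salt)}

# Constructed sample accounts (hypothetical users and identity provider).
ACCOUNTS = {
    "alice@example.com": _local("correct horse battery staple"),
    "bob@example.com": {"kind": "sso", "idp": "https://idp.example.com/start"},
}

# Throwaway credential so unknown identifiers cost the same hashing work
# as real ones and cannot be told apart by response time.
_DUMMY = _local(os.urandom(16).hex())

def first_step(identifier: str) -> dict:
    """Step 1 of the two-screen login: decide what the second screen shows."""
    acct = ACCOUNTS.get(identifier.strip().lower())
    if acct and acct["kind"] == "sso":
        # This response differs from the default, so it reveals to an
        # unauthenticated caller that the account exists and how it logs in.
        return {"next": "sso", "redirect": acct["idp"]}
    # "Local account" and "no account" are indistinguishable here.
    return {"next": "password"}

def check_password(identifier: str, password: str) -> bool:
    """Step 2: one generic failure for unknown user, SSO user, wrong password."""
    acct = ACCOUNTS.get(identifier.strip().lower())
    known = bool(acct) and acct["kind"] == "local"
    if not known:
        acct = _DUMMY  # still perform the hash and the comparison
    ok = hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"])
    return ok and known
```
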