why do so many sites make you log in with a box for you to put your email which you have to submit before they'll show the password box and then you have to submit that again, what possible purpose does it serve?? I assume it's not checking your email is on their system before letting you enter a password cos that sounds like a security flaw
@wolfie I think it's mostly because some people will be logging in via Single Sign-On according to their account settings, and therefore won't be prompted for a password.
In the early days of this practice, it really messed with password managers, but now they seem to handle it better. I'm not sure on which end things improved.
I don't think it meaningfully helps against brute force attempts, though.
@varx I'm not sure what you mean by single sign on? On any site I've ever seen this I have to enter the email/username and then it loads the password box after you submit
@wolfie The real fun is that you can have a whole chain of identity providers, where Corporate Internal App delegates to Corporate Identity Provider which delegates to Google which delegates to Okta or some other awful sequence like that. (I can't think of a real example at the moment, but I've seen one.)
@wolfie You're totally right, by the way, that it's a security flaw to reveal whether an email address is registered with the site. But there are enough good reasons to do it from a usability perspective that some sites will just accept the risk. 🤷