Repeat after me: Separating username and password fields on separate (fucking responsive) page WILL NOT INCREASE A FUCKING SECURITY IN ANY WAY! IT WILL JUST MAKE THE PASSWORD MANAGERS TO WORK WORSE AND IT THUS IT WILL FUCKING DECREASE THE SECURITY!!!
@ondrej also, don't fucking continue with the login process as soon as 6 digits are entered in the 2FA stage (looking at you, Atlassian). I got locked out twice because I had a wrong paste in my clipboard from the password manager and the login window disappeared so fast I couldn't notice that the numbers stayed the same.
I hate that UX is run by fucking morons nowaday almost unanimously across the board 🤬
- replies
- 0
- announces
- 0
- likes
- 8
@ondrej The point here isn't security, the point is that some users aren't using a password at all. If such a username is detected, instead of being redirected to the password page, you're taken straight to Okta / whatever your chosen SSO system is.
@ondrej @looopTools *Unless the password is removed completely
@ondrej better yet, i deal with one at work that is the username on login dot domain dot com and the password field is on auth dot domain dot com 🙃