I need to load a second page to enter my password in some sites. Why is this? I even have a site I use that has the username, password and 2FA entries on separate pages that each need to be loaded one after the other.

My uneducated guess is that it makes it harder for bots, but I can’t imagine it being that much of an impedance 🤷‍

Cheers!

  • faltryka@lemmy.world
    96·
    1 day ago

    This is called an identity first workflow and is used specifically so that they can route different people to different login ceremonies or providers.

    They get your id first, and use that id to determine what your login ceremony is. Perhaps you’re with a business that they have an sso integration with and will send you on to your businesses sso provider, or perhaps you’re a local user for them and get a password screen next.

    • grue@lemmy.world
      353·
      1 day ago

      login ceremony

      What pretentious asshole came up with that bit of jargon?

    • village604@adultswim.fanEnglish
      2·
      1 day ago

      That doesn’t explain why my Synology NAS does it, though, because I don’t believe the web portal has the ability to handle different authentication flows.

      I think it might also be a barrier against brute force attacks.

      • dustyData@lemmy.worldEnglish
        7·
        21 hours ago

        Synology offers cloud services and business level support for their enterprise products. They do support different authentication workflows, they are just not all included with the consumer products.

      • NotSteve_@piefed.caEnglish
        4·
        1 day ago

        I’ve never used Synology stuff but it could be future proofing or a default feature of the authentication service/provider they’re using (if they are using one).

        For a NAS, it actually seems like something corporate customers would very much want to have SSO support for so I’d actually be surprised if there wasn’t some way to set it up already

    • corsicanguppy@lemmy.caEnglish
      12·
      1 day ago

      identity first workflow and is used specifically so that they can route different people to different login [hamster wheels]

      The one thing MADE for JavaScript and no.

  • misterbngo@awful.systems
    22·
    1 day ago

    This is generally done when you have customers with SSO, the first one will take the email and if the domain is ssod it forces them through a particular workflow. Otherwise you get the other normal username/password flow

  • mspencer712@programming.dev
    43·
    1 day ago

    Different domains need different authentication flows. If the provided email ends in a domain they recognize, instead of prompting for a password you’d be sent to another auth provider to authenticate there.

    • TranquilTurbulence@lemmy.zipEnglish
      17·
      1 day ago

      This is usually the right answer. In the past, logging in was a simple pipeline with no forks along the way. That’s why a simple username + password did the trick. Nowadays, logging in has become a complicated journey with several ways to get to the destination. Once the site knows your email, it knows what’s the next step in your case.

  • just_another_person@lemmy.world
    113·
    1 day ago

    Sometimes it’s just UI/UX, sometimes it’s to deter specific patterns they’ve seen from bots, users, or brute-force. It’s really just subjective. One isn’t necessarily better than the others though it does mess with automated input of credentials a lot of times.

  • paraphrand@lemmy.worldEnglish
    3·
    1 day ago

    I always assumed some sites harvest what ever you enter in the first box. Especially if it’s an email address. But other people in this thread have the legitimate answer.