Ask Lemmy

26249 readers

1594 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have fun

Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'

This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spam

Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reason

Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.

It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

Reminder: The terms of service apply here too.

Partnered Communities:

Logo design credit goes to: tubbadu

founded 1 year ago

MODERATORS

Bluetreefrog@lemmy.world

candyman337@lemmy.world

TheSaneWriter@lemm.ee

TheSaneWriter@lemmy.thesanewriter.com

candyman337@sh.itjust.works

Asudox@lemmy.world

can@lemmy.ca

lemmy_bot@lemmy.world

beefbaby182@lemmy.world

AsudoxDev@programming.dev

311

What is it with services now separating username and password fields? (lemm.ee)

submitted 11 months ago by redballooon@lemm.ee to c/asklemmy@lemmy.world

54 comments fedilink hide all child comments

Back in the old times, on the sites I log in regularly, my browser filled in both username and password. I clicked "Log in" once, and I was set to go.

But no more. Now it's all first a username, then a password. From what I saw, Apple started this many years ago, but now this bother really spread. And it's not like I can just double-click on the same screen area, oh no. Animations make sure that I have to wait several hundred milliseconds before the password field is there, and depending on the site, I even have to select from my browser, which login I want to use, twice!

Why, oh why?

All my screens are really big enough to display 2 text fields. What are arguments for this behavior? I don't see any.

you are viewing a single comment's thread
view the rest of the comments

[–] boatswain@infosec.pub 3 points 11 months ago (1 children)

So exposing information about users (how they log in) without authenticating that you're someone authorized to have that information?

The better way to do this is to just have "log in with Google" or whatever buttons.

[–] bus_factor@lemmy.world 1 points 11 months ago

As I mentioned elsewhere in the thread, most users don't remember what they used when they created the account, particularly if it's something they don't use often. It's also cumbersome to have to input that, especially if you bundle that with an optional password field.

That's not to say you don't have a point about leaking that information. Personally I'd be more concerned about leaking the fact that I have an account at all. If this is a concern for you, you are likely not inclined to use the likes of Google Auth or Facebook Auth. You'd be better off using a unique password for each service, store them in some sort of password manager, and rely on the default behavior treating "local account" and "no account" the same in terms of showing you the password field.

Maybe that's not your preferred behavior, but it does allow you to keep that data private while simultaneously being easier to use for the SSO users.