I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we’re logged in.
This makes using a password manager super annoying, because I have to trigger the autofill twice.
Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I’m just really curious, because it seems so pointless on its face, but it seems to be spreading.
To add to this… Sites that initially show both the username and password fields can get very confusing when using SSO. Dropbox used to be like this - It’d show both fields, but as soon as you entered an email address that uses SSO, it’d hide the password field. Sometimes the request would fail and so it’d still show the password field, but no passwords are valid for an SSO account, so it’d just look broken.