re: Are login forms that ask for your username and password on two different pages more secure? VIEW POST

re: Do you mean that if you can intercept and decode HTTPS traffic but only on 50% of requests, then you have 25% percent of chance to intercept both u...

Right. It’s almost as good a feature as the “This password is already used by user SoonToBeP0wned666, please choose another one” error message;

To be honest, it's not that much of a difference with the traditional approach when you send e-mail and password at the same time. You'd still receive an error telling you that this e-mail is taken/invalid password, so asking the e-mail first does not make that much of a difference, but it really improves the UX imo (I don't have to go to the register page if the e-mail is not found, the form would change itself on the fly).

Makes generic http(s) form interception much more difficult.


Code of Conduct Report abuse