loading...

re: Are login forms that ask for your username and password on two different pages more secure? VIEW POST

FULL DISCUSSION
 

I think It's not a security measure per-se, but just a way to provide optional multi-factor authentication.
When you submit your username/email the server can check to see if it's a suspicious or legit login attempt and render more or less additional input fields accordingly.
Most of us just see an email field on the first step and a password field on the second step and think its a bit silly but if you get prompted with additional fields based on some criteria it seems a pretty clean solution

 

In multi-factor authentication, the second factor is usually triggered after you successfully typed your password (otherwise anyone could flood people with SMS codes just by filling their e-mail address).

 

You could technically perform some security audit upon entering e-mail, e.g. if you keep tracking of login attempts. If there are 18493 successful logins from 1.1.1.1 and then someone tries to log in from 2.2.2.2, you could already alert an user about some suspicious attempt.

Code of Conduct Report abuse