Who the hell decided that it would be a good idea to prompt for username and password on different screens? Or is this one of those things that someone tried out to be different, and everyone else mistook different for cool?
@Random documents & audio logs when I realized it's because they are checking if you are using SSO. So they get your username, figure out if you're using a special login type, and then give you the password.
But damn do I remember the days that SSO people had to click a different "Login With Google" or whatever button and it was always better
@silverwizard If that's what they're doing, the UI is broken: if I'm logging in to service.com as arensb@company.com, then the service.com login screen should redirect me to a company.com page so I know I'm not giving my credentials to the wrong site.
But I've also seen this antipattern often enough with non-SSO sites that I think it's just fashionable idiocy.
@Random documents & audio logs Yeah - so what they do is: I type: silverwizard -> it sends me to the password login I type: silverwizard@company.com -> it sends me to company.com to login
There might be some cargo culting, but all of the ones I've seen 100% are doing SSO for a subset of users
@silverwizard @Random documents & audio logs I can confirm this behavior, I'm sent from google.com to okta.com for authentication once I submit my corporate email address.
@silverwizard I'm thinking of sites like accounts.google.com/ : there's no password field, and no mention of SSO or Enterprise login. You enter your username/email address, the username field disappears, and a password field, still on google.com, appears.
I've been changing all my passwords because of a data breach, and I've run into a *lot* of sites doing this.
@Random documents & audio logs Yeah - so if you use ActiveDirectory or some other tool to login to google, that page will redirect you to SSO if the account name you type in uses it. Otherwise, it just uses your password. It's pretty shitty.
silverwizard
in reply to A Republic, while we kept it • •@Random documents & audio logs when I realized it's because they are checking if you are using SSO. So they get your username, figure out if you're using a special login type, and then give you the password.
But damn do I remember the days that SSO people had to click a different "Login With Google" or whatever button and it was always better
A Republic, while we kept it
in reply to silverwizard • • •@silverwizard If that's what they're doing, the UI is broken: if I'm logging in to service.com as arensb@company.com, then the service.com login screen should redirect me to a company.com page so I know I'm not giving my credentials to the wrong site.
But I've also seen this antipattern often enough with non-SSO sites that I think it's just fashionable idiocy.
silverwizard
in reply to A Republic, while we kept it • •@Random documents & audio logs Yeah - so what they do is:
I type: silverwizard -> it sends me to the password login
I type: silverwizard@company.com -> it sends me to company.com to login
There might be some cargo culting, but all of the ones I've seen 100% are doing SSO for a subset of users
Hypolite Petovan
in reply to silverwizard • • •A Republic, while we kept it
in reply to silverwizard • • •@silverwizard I'm thinking of sites like accounts.google.com/ : there's no password field, and no mention of SSO or Enterprise login. You enter your username/email address, the username field disappears, and a password field, still on google.com, appears.
I've been changing all my passwords because of a data breach, and I've run into a *lot* of sites doing this.
Sign in - Google Accounts
accounts.google.comsilverwizard
in reply to A Republic, while we kept it • •Hypolite Petovan
in reply to silverwizard • • •