is there a reason for this bizarre webdev fad of only presenting a username box and *then* showing the password box
It's cargo-culted from the (very good!) practice of showing the user a secret they pre-selected before asking for their pw (kills phishing).
-
-
why does it kill phishing; can’t the phisher send the username to the real site and then present the pre-selected secret on the fake site?
-
My assumption is that the "real" site must have some method of forbidding multiple login attempts, otherwise yeah.
-
Yes, it doesn't really kill phishing (except trivial forms) by itself, but allows them to see something sketchy going on.
End of conversation
New conversation -
-
-
But if you don't understand that and just cargo-cult copy the "pw on second page" aspect, it just annoys and inconveniences users.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.