is there a reason for this bizarre webdev fad of only presenting a username box and *then* showing the password box
-
-
Replying to @xkeepah
It's cargo-culted from the (very good!) practice of showing the user a secret they pre-selected before asking for their pw (kills phishing).
2 replies 0 retweets 0 likes -
Replying to @RichFelker @xkeepah
why does it kill phishing; can’t the phisher send the username to the real site and then present the pre-selected secret on the fake site?
1 reply 0 retweets 0 likes -
Replying to @alt_kia @RichFelker
My assumption is that the "real" site must have some method of forbidding multiple login attempts, otherwise yeah.
1 reply 0 retweets 0 likes
Yes, it doesn't really kill phishing (except trivial forms) by itself, but allows them to see something sketchy going on.
12:04 PM - 13 Jul 2017
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.