Why do some login flows hide the password field until after you submit your username?
I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we're logged in.
This makes using a password manager super annoying, because I have to trigger the autofill twice.
Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I'm just really curious, because it seems so pointless on its face, but it seems to be spreading.
This makes using a password manager super annoying, because I have to trigger the autofill twice.
Some - if not most - password managers let you configure the auto-type-sequence for each password individually (e.g. KeePassXC). Just change the default {USERNAME}{TAB}{PASSWORD}{ENTER} to {USERNAME}{ENTER}{DELAY X}{PASSWORD}{ENTER} with X being a delay in milliseconds that pauses the sequence until the new page has loaded completely.