dj snape

Two-Step Login Forms are Fucking Stupid.

In recent years a very tiny number of popular websites have started changing their login forms to require two separate form submissions, first the username, and second the password.

example of a two-step login form

This is a stupid idea. We are at a place in time where Password Managers are finally starting to catch on for regular use by regular people, which is fantastic. One of the coolest features of password managers is the ability to auto-type your username and password into login forms. Which the 2-step form completely breaks.

Let me tell you what’s going to happen. The future is Ease Of Use. The future of authentication is using a password manager that’s unlocked via a physical token such as a yubikey, biometric data, or some sort of “Master Passphrase”, and handles 100% of all authentication needs. Everyone who knows anything about authentication knows this is true. The point of computers is to automate tasks in order to simplify and improve our lives.

Automation of authentication requires login forms that are not confusing to password managers. The simplest way to deliver this is a standard 1-step login form with a Username – Tab – Password format.

The fact that certain developers decided to change tracks right at the moment in time when Password Managers are starting to pick up speed is evidence that those developers don’t have a fucking clue in their heads. So I am presenting you with a fucking clue. 2-Step Login Forms are Fucking Stupid.