Dave_L

Username and password entry on separate pages

2 posts in this topic

Some newer web sites that require login have put the username and password entry on separate pages. I.e., you enter the username on one page and then are redirected to a second page for password entry. Is this considered to be more secure than the traditional method of entering the username and password on the same page?

Share this post


Link to post
Share on other sites

The only advantage I can see is that it slows down probes of a login system.  In addition to just the time to process two vs one screen, it would not be hard to slow roll repeated password tries for a given username.

You wouldn't want to look up username and slow roll sending the password screen for bad usernames. That would reveal when they got the first part correct.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now