Comment by mpetrovich
10 hours ago
I suspect they ask for email first in order to determine whether to log you in via SSO vs. require a password.
10 hours ago
I suspect they ask for email first in order to determine whether to log you in via SSO vs. require a password.
As someone who's built just that, can confirm. If users have SSO configured, or a Passkey, or any other policies apply, you first need to identify the account to be able to determine which options to offer - maybe they don't even have a password in the first place, so displaying the field would cause confusion. As a side effect, this also conveniently allows to check for blocked accounts.
I think it started with somebody like Yahoo!, who said that they that way could show your profile image or something and thus verify to you that this isn't a scam phishing site. I don't remember the complete argument, though.
But yeah, nowadays it's mostly SSO, I assume. Which is still annoying as on the SSO site I have to enter my mail address again (or rather: have my password manager doing it ;) ), which is an inconvenience and where I wonder how much of that is to collect data about companies where employees would like to use the service for having sales reaching out. In many places (like Slack or Zoom) company is picked by domain name (yourcompany.slack.com etc.) and then leading to the right SSO.
Ah, that would make sense.