On this topic, I've noticed a lot of sites have split their sign-in forms into a two step process (submit username, then submit password). Does anyone know what this achieves? It seems like it would be trivial for an automated script to submit the form twice, but as a human I often have to open 1Password multiple times to navigate the process.
This is for SSO reasons. When you enter your email address they check whether SSO is activated for your email address (or whole company domain) and will redirect you. It is better for usability than requiring your users to enter some random password or keep the password input empty.
2-step signins are so annoying for those of us who don't use it. I imagine they are also annoying for people who use it because they still have to first type in their email address instead of just going to the google/fb/apple/etc page where they click on their identity.
Usually it is to detect the user is registered to (or their domain is mapped to) an account with SSO or Social Auth and prompt them for that login mechanism. If the user is being required to go via the SSO provider, it makes sense to ask for the email first before they input their password so that they can be redirected it neccesary.
This is useful when you have multiple methods to authenticate.
Maybe this user should be redirected to an oauth2 identity provider or maybe they should enter a password.
Good implementations of this will have a hidden password field for password managers to fill along with the username. You'll still need to press enter twice though.
For example: https://myaccount.nytimes.com/auth/login