I see this more and more lately: go to log in to some site, and they only show the username field. Enter username, click Submit, then a password field appears. Enter password, click Submit again, and then we’re logged in.
This makes using a password manager super annoying, because I have to trigger the autofill twice.
Is there some security-related reason more sites are doing this? Is it an anti-bot thing? I’m just really curious, because it seems so pointless on its face, but it seems to be spreading.
As others have said, likely SSO related. We do this with our sites at the company I work for. Some sites are internal, some are client-facing. But you can be logged into all at the same time through one SSO portal. If you’re an internal user, you’re redirected over to the internal SSO after entering your email, whereas external users get a generic password screen.