I think It's not a security measure per-se, but just a way to provide optional multi-factor authentication.
When you submit your username/email the server can check to see if it's a suspicious or legit login attempt and render more or less additional input fields accordingly.
Most of us just see an email field on the first step and a password field on the second step and think its a bit silly but if you get prompted with additional fields based on some criteria it seems a pretty clean solution
In multi-factor authentication, the second factor is usually triggered after you successfully typed your password (otherwise anyone could flood people with SMS codes just by filling their e-mail address).
You could technically perform some security audit upon entering e-mail, e.g. if you keep tracking of login attempts. If there are 18493 successful logins from 1.1.1.1 and then someone tries to log in from 2.2.2.2, you could already alert an user about some suspicious attempt.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I think It's not a security measure per-se, but just a way to provide optional multi-factor authentication.
When you submit your username/email the server can check to see if it's a suspicious or legit login attempt and render more or less additional input fields accordingly.
Most of us just see an email field on the first step and a password field on the second step and think its a bit silly but if you get prompted with additional fields based on some criteria it seems a pretty clean solution
In multi-factor authentication, the second factor is usually triggered after you successfully typed your password (otherwise anyone could flood people with SMS codes just by filling their e-mail address).
You could technically perform some security audit upon entering e-mail, e.g. if you keep tracking of login attempts. If there are 18493 successful logins from
1.1.1.1
and then someone tries to log in from2.2.2.2
, you could already alert an user about some suspicious attempt.