Last time you signed in to an account, did the first screen only prompt you for your username? Or did it want your password too?
If you were only asked for a username on that first screen, don’t be surprised. More and more, sites are separating the two, requiring a username first, and then asking for a password on a second screen. And it makes sense.
Who wouldn’t be a little confused when faced with an error message that says “either your username or your password may be wrong.” Which one? Do I click the “Forgot username” or “Forgot password” button? Or both?
In fact, it’s hard to think of a situation where separating username and password screens isn’t the right decision. Here’s five reasons why.
Reason #1: It’s a better customer experience
In many cases, a username is all you’ll need from your customer – especially if they’re logging in from a trusted device. If so, and they’ve enrolled in multi-factor authentication (MFA), they might be able to skip the password screen altogether, opting for a one-time SMS code or Face ID.
Reason #2: It’s more secure
It’s rare when the approach that’s more secure also makes for a better customer experience. But that’s the case here.
Splitting the two fields across separate pages makes it harder for bad actors to automate a brute-force attack. Brute-force attacks use programs that enter usernames and passwords over and over until they hit the jackpot. Separate screens means more work for the attacker, and that means they’re more likely to click over to another site and wreak their havoc there.
Reason #3: It makes adaptive authentication better
Another security benefit of breaking the sign-in process into multiple steps is that it’s easier to detect and block suspicious behavior – especially if you’re using adaptive authentication. Adaptive authentication is a new-ish best practice that adjusts the authentication process based on contextual factors like user behavior, location, or device. For a deeper dive check out this blog post we wrote about it.
By separating the username and password input screens, your customer identity and access management (CIAM) provider can evaluate a bunch of different signals as the customer enters their username. Then, when the authentication screen pops up, your CIAM system can dynamically adjust the required authentication steps based on how risky the user seems.
Reason #4: It lets you personalize the user experience
Splitting the screens makes it possible to create a bespoke sign-in experience based on the customer’s preferences. For example, some customers might have enabled MFA, others might prefer passwordless options, while some could have a specific risk profile that requires different steps in the sign-in journey. Separating username and password screens makes it possible to send the customer down the appropriate path.
In some cases, you may not have a choice. For example, if you’re using a federated identity provider or the customer is using single sign-on, you’ll need to identify the user's domain or organization before you let them authenticate. Here again, separate screens are a good choice because you can keep the username screen nice and simple. Then, once you know how you’re going to authenticate your user, you can keep that screen simple too by redirecting the customer to the appropriate site or app based on information in their username.
Reason #5: It keeps your login screen uncluttered
It’s easy for your sign-in screen to get cluttered and confusing really fast – even if your customer base is only mildly complex. If you’ve got social login options or a couple of different products, you might have upwards of 8 different things a user can click on if you try to jam everything onto one screen.
Splitting the username and password across two screens keeps each one simple by only offering the relevant options to your customer.
If it’s so great why isn’t everyone doing it (yet)?
If separating username and password screens is so great, why do so many sites still serve them up together on the same screen?
Perhaps the biggest perceived drawback of splitting up the username and password screens is that you’re effectively adding a second step (and click) to the sign-in process. Every step you add is another friction point for the customer. Or so the thinking goes.
The counter-argument, of course, is that while there are more clicks, each of them is simpler. And, when it’s done right, you can even engineer the password out of the equation much of the time. As long as the user feels like they are progressing toward their ultimate goal, an extra click (unless it’s something repetitive) isn’t a bad thing. In fact, since we’re asking for an identifier first, the net result is often fewer clicks overall.
From where we sit, separate screens is definitely the right way to go. And if you’re wrestling with the right approach for your site or app, we’d be happy to walk you through the pros and cons for your situation.
Connect with us to learn more.