How is a two-step login better than single-step when you have a password manager?
I am using a browser-based password manager. For most websites the login workflow is:
- Go to login page. Both username and password field are visible.
- Credentials are auto-filled by password manager. If there are multiple credentials associated with this site, the first set is picked.
- (Optional) Select alternate credential set from a dropdown.
However, some websites (for example Google Accounts) have a two-step login. First you fill in your username and hit next, a new page loads, then you fill in your password and hit next, now you are logged in. (Note: So I don't mean two-factor authentication.)
With a password manager this becomes:
- Go to login page. Only username field is visible.
- Username credential is auto-filled by password manager. If there are multiple credentials associated with this site, the username from the first set is picked.
- (Optional) Select alternate credential set from a dropdown. Username from that set is filled in.
- Click Next. Password field is now visible.
- Password credential is auto-filled by password manager. If there are multiple credentials associated with this site, the password from the first set is picked.
- (Optional) Select alternate credential set from a dropdown. Password from that set is filled in.
So, if I have multiple credentials associated with a website, it is more difficult to log in with a password manager. If I don't want to use my default credentials, I must remember step 3 and 6, otherwise a bad username-password pair are picked.
Password managers are generally considered a best practice these days, including for everyday users. So I assume the UX designers must be deliberately breaking the workflow for "a user with multiple credentials stored in a password manager". Why? What benefit is gained from a two-step process that makes it preferable to a single-step process?