Do the Two-Step

It’s time to go log in to the system to do the thing. The login form simply asks for your username or email address. After authenticating with it, your password manager obliges in filling this out. You’re then taken to a separate page with a new form asking for your password, and your password manager requires you to authenticate with it again in order to fill this out.

This pattern is an annoyance for any account on a system that uses a standard password flow to login. Look, I get it – this pattern is perhaps the most practical antidote to Choose Your Login Provider, but it makes the experience much more frustrating to anyone not using Single Sign On, especially those whose password managers require authentication on every autofill interaction.

This pattern is a tradeoff of making something less frustrating for one group at the expense of making it more frustrating for another group. I don’t know if there’s really any way to avoid a Login Bingo square if you offer OAuth / Single Sign On logins. Such is the cost of that sweet, sweet Enterprise money.

If autofill were able to fill out undisplayed fields, one could theoretically hide the field until deciding the next step in the login flow until the email address is known, and then display the password field if needed. I suspect this would be tricky to implement well, and it relies on the behavior of third-party software.

Personally, when I’ve needed to sign in with some account belonging to some company’s Google Apps organization or the like, I can never remember if I had a created a password for service or not anyway; what happens for me is I check my password manager, find it lacking, and assume I have to reset my password because it never got saved properly. Then the password reset flow tells me that I can’t reset my password because I’m supposed to use SSO.