Splunk Search

UX question about login page community.splunk.com

inventsekar
SplunkTrust

Hi all, one question related to the community.splunk.com login page.

So on the login page, we get a username textbox; only after entering it and pressing the Enter key or Tab key does the password textbox appear.

I would like to understand the reason for this design, please. Is it related to some security things? Is it that much safer and more secure than providing simple username and password textboxes visible together?

May I know some info, please? Thanks.

0 Karma
1 Solution

kennetkline
Path Finder

Yes, definitely a security tactic.

CrowdStrike, banking, and other sites I have seen this on recently, to name a few.

Designed to slow down attackers (not make the site a SOFT target for automated password probing using accounts/passwords harvested and/or probably obtained on the dark web).

Separating the logins also breaks most password-safe autologins and saved credentials in browsers (I think, too). This also allows the site to inject additional steps, such as going to a 2- or 3-step login:

username/mobile, then maybe Duo/2-step/Google Authenticator, then password, or vice versa, before login.

Too many people use the same passwords across multiple websites. The less-than-determined will choose softer targets.


inventsekar
SplunkTrust

Bump... waiting for some more interesting info, please. Let me wait for a day or two and solve this question. Thanks!

0 Karma

bowesmana
SplunkTrust

@inventsekar 

I think probably @richgalloway might have created this Splunk idea, so go vote for it:

https://ideas.splunk.com/ideas/PORTALSID-I-47

 

inventsekar
SplunkTrust

Ah, nice to know that. I did cast my vote (number 22). Thanks.

0 Karma

inventsekar
SplunkTrust

Solved it... if anybody still has some views/suggestions, you are welcome! Thanks! I will update karma points for all good replies!

Best Regards

Sekar

0 Karma

inventsekar
SplunkTrust

Sure, I got it... yep, perfectly a better security practice. Thanks @kennetkline.

I will wait for some more views/suggestions and then accept this as the solution in two/three days.

0 Karma