Hi All, one question related to community.splunk.com login page..
so on the login page, we get username textbox, after entering and then enter key or tab key, then only the password textbox appears.
i would like to understand why this design please. is it related to some security things? is it "too much" safe and secure from providing a simple username and password textbox together visible.
may i know some info please. thanks.
Yes, definitely a security tactic.
CrowdStrike, Banking, other sites I have seen this on recently to name few.
Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.
Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too). This allow site to also inject additional steps as going to a 2 or 3 step login
username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.
Too many people use the same passwords across multiple websites. The lesser than determined will choose softer targets.
bump ...waiting for some more interesting info please..let me wait for a day or two and solve this question. thanks!
I think probably @richgalloway might have created this Splunk idea, so go vote for it
https://ideas.splunk.com/ideas/PORTALSID-I-47
ah, nice to know that.. i did cast my vote(number 22).thanks.
Yes, definitely a security tactic.
CrowdStrike, Banking, other sites I have seen this on recently to name few.
Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.
Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too). This allow site to also inject additional steps as going to a 2 or 3 step login
username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.
Too many people use the same passwords across multiple websites. The lesser than determined will choose softer targets.
solved it... if anybody still got some views/suggestions, you are welcome! thanks!.. i will update karma points for all good replies!
Best Regareds
Sekar
Sure, i got it... yep, perfectly a better security practice. thanks @kennetkline ..
i will wait for some more views/suggestions and then accept this as solution in a two/three days