Splunk Search

UX question about login page community.splunk.com

inventsekar
SplunkTrust
SplunkTrust

Hi All, one question related to community.splunk.com login page.. 

so on the login page, we get username textbox, after entering and then enter key or tab key, then only the password textbox appears. 

i would like to understand why this design please. is it related to some security things? is it "too much" safe and secure from providing a simple username and password textbox together visible. 

may i know some info please. thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Labels (1)
Tags (1)
0 Karma
1 Solution

kennetkline
Path Finder

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

View solution in original post

inventsekar
SplunkTrust
SplunkTrust

bump ...waiting for some more interesting info please..let me wait for a day or two and solve this question. thanks!

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

bowesmana
SplunkTrust
SplunkTrust

@inventsekar 

I think probably @richgalloway might have created this Splunk idea, so go vote for it

https://ideas.splunk.com/ideas/PORTALSID-I-47

 

inventsekar
SplunkTrust
SplunkTrust

ah, nice to know that.. i did cast my vote(number 22).thanks.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

kennetkline
Path Finder

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

inventsekar
SplunkTrust
SplunkTrust

solved it... if anybody still got some views/suggestions, you are welcome! thanks!.. i will update karma points for all good replies!

 

Best Regareds

Sekar

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Sure, i got it... yep, perfectly a better security practice. thanks @kennetkline ..

i will wait for some more views/suggestions and then accept this as solution in a two/three days

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...