Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

UX question about login page community.splunk.com

inventsekar
SplunkTrust
SplunkTrust
‎10-23-2020 04:56 PM

Hi All, one question related to community.splunk.com login page.. 

so on the login page, we get username textbox, after entering and then enter key or tab key, then only the password textbox appears. 

i would like to understand why this design please. is it related to some security things? is it "too much" safe and secure from providing a simple username and password textbox together visible. 

may i know some info please. thanks. 

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kennetkline
Path Finder
‎10-23-2020 07:04 PM

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

View solution in original post

Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-26-2020 07:25 PM

bump ...waiting for some more interesting info please..let me wait for a day or two and solve this question. thanks!

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎10-26-2020 07:30 PM

@inventsekar 

I think probably @richgalloway might have created this Splunk idea, so go vote for it

https://ideas.splunk.com/ideas/PORTALSID-I-47

 

Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-26-2020 07:35 PM

ah, nice to know that.. i did cast my vote(number 22).thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

kennetkline
Path Finder
‎10-23-2020 07:04 PM

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-29-2020 06:53 PM

solved it... if anybody still got some views/suggestions, you are welcome! thanks!.. i will update karma points for all good replies!

 

Best Regareds

Sekar

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-23-2020 08:25 PM

Sure, i got it... yep, perfectly a better security practice. thanks @kennetkline ..

i will wait for some more views/suggestions and then accept this as solution in a two/three days

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...