Splunk Search

UX question about login page community.splunk.com

Super Champion

Hi All, one question related to community.splunk.com login page.. 

so on the login page, we get username textbox, after entering and then enter key or tab key, then only the password textbox appears. 

i would like to understand why this design please. is it related to some security things? is it "too much" safe and secure from providing a simple username and password textbox together visible. 

may i know some info please. thanks. 

Labels (1)
Tags (1)
0 Karma
1 Solution

Path Finder

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

View solution in original post

Super Champion

bump ...waiting for some more interesting info please..let me wait for a day or two and solve this question. thanks!

0 Karma

Influencer

@inventsekar 

I think probably @richgalloway might have created this Splunk idea, so go vote for it

https://ideas.splunk.com/ideas/PORTALSID-I-47

 

Super Champion

ah, nice to know that.. i did cast my vote(number 22).thanks.

0 Karma

Path Finder

Yes, definitely a security tactic.

CrowdStrike, Banking, other sites I have seen this on recently to name few.

Designed to slow down attackers (not make site a SOFT target to automated password probing using accounts / passwords harvested and/or probably obtained on darkweb.

Separating the logins; also break most password safe autologins, saved credentials in browsers (I think too).  This allow site to also inject additional steps as going to a 2 or 3 step login

username/mobile, then maybe duo/2-step/google authenticator, then password or vise versa before login.

Too many people use the same passwords across multiple websites.   The lesser than determined will choose softer targets.

 

View solution in original post

Super Champion

solved it... if anybody still got some views/suggestions, you are welcome! thanks!.. i will update karma points for all good replies!

 

Best Regareds

Sekar

0 Karma

Super Champion

Sure, i got it... yep, perfectly a better security practice. thanks @kennetkline ..

i will wait for some more views/suggestions and then accept this as solution in a two/three days

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!