by red_admiral 3608 days ago
Several large sites, including google/gmail and MS, do this so they can offer separate corporate versions of their cloud products. When you enter your username, it checks whether this is a consumer or corporate username, then the password page you see actually comes from a completely different page.

Try going to login.microsoftonline.com which has both a username and a password field and then type "alpha@bristol.ac.uk" into the username field and TAB out (this is not a real username by the way). You'll be redirected to the Bristol version of the sign-in page and get to see a nice picture of their university tower.

On gmail, once you've entered your e-mail address, if it's from a computer it recognises (some combination of cookies and IP address) then the password page will show your avatar; if it's from an unknown computer, it won't. I guess this provides a very small signal that can be helpful in detecting phishing.


The terminology you're looking for here regarding the differing logins for different organizations is Single Sign-On (SSO) Providers. There are a bunch of different methods of implementing SSO, and companies that offer this as a service. Using the two-step login allows Microsoft, Google, etc. to redirect users to authenticate with their associated SSO Provider based on their username, or in this case email address domain, so that this login can be shared across other services a company utilizes.
SSO has nothing in particular to do with two-step login.

Two-step login is just a way of getting a branded experience in front of the user as soon as possible, nothing more. It is neither necessary nor indicative of SSO (which you have described correctly.)

>Two-step login is just a way of getting a branded experience in front of the user as soon as possible, nothing more. It is neither necessary nor indicative of SSO (which you have described correctly.)

That might be part of it, but the real point is companies do not want others to MITM their users' passwords.

The custom Microsoft login for the university example cited is an implementation of SSO.