[Lammy]

The implementation may be bad but it seems like the same idea to me, “user must interact with UI before entering credentials”.

[olyjohn]

Except you don't have to. Just start typing your password.

[Lammy]

Yes, that’s why it’s a bad implementation of a good idea.

[int_19h]

Even if you had to, it's still a bad idea. Ctrl+Alt+Delete works, because no normal Win32 app can intercept this - so if you do it, and you see a login box, you know that this is the real thing.

But any app can go fullscreen and draw a fake login screen that you can swipe up to show a fake login form.