|
|
|
|
|
|
by Nextgrid
1879 days ago
|
|
|
This one is a significant failure of our entire industry. We've somehow accepted that degrading user experience because of an implementation detail is good instead of working together to hide that implementation detail by implementing the necessary browser functionality. We already have technologies such as Kerberos that are supported in every browser and seem like they would solve this problem. In any case, as a website operator you can mitigate this. Have separate pages for SSO/non-SSO, dynamically hide the password field if the username is associated with an SSO provider, or just ignore the password field and have a subtitle along the lines of "leave password empty for SSO accounts". |
|
|