Various sites use a multi-page login. On the first page the user is chosen (i.e. email address), and on the second page, a password is given.
Many banks use it, Google has this also.
I first thought this could prevent phishing, but actually it would not. What makes this more secure, why are banks using it? It feels like a cargo cult to me: "they use it, we better do that too."
Google also released info about it (this is all I found):
This new Google account sign-in flow will provide the following advantages:
- Preparation for future authentication solutions that complement passwords
- Reduced confusion among people who have multiple Google accounts
- A better experience for SAML SSO users, such as university students or corporate users that sign in with a different identity provider than Google
But that does not seem compelling to me.
