Where before, Gmail users would enter their username and password on the same page, the new login flow separates this process. Now, you’ll first enter your username, then be directed to a second page where you enter your password. Some complain that this change slows them down, while others point out that the update has broken their ability to log in using various password managers.
According to Google, the change was implemented to prepare for “future authentication systems that complement passwords.” The company is vague on the details as to what those may be, but may be referencing other methods to secure accounts like two-step/two-factor authentication, hardware dongles, or perhaps even some web-based variation of Android’s “Smart Lock” system.
That latter item allows Android users to keep their devices unlocked when they have a trusted Bluetooth device connected, are in a trusted location, have the device on their person (“on body detection”) or the device recognizes their face. While Google obviously wouldn’t say what it has planned for Gmail on the web in the future, like everyone else in the industry, it knows that securing accounts by way of a username/password combination is far from ideal.
Google already separated its login flow on Android last year in order to support such features, so it’s interesting that the company is now doing the same on the web.
In addition to whatever future login methods Google aims to support, the company notes that the new system will be a “better experience” for SAML SSO users, meaning corporate users or students, who sign in with a different identity provider than Google, and will “reduce confusion” among people who have multiple Google accounts.
Those two points are debatable, however. So far, the responses to Google’s announcement have not been too positive. Users are complaining that the change wastes time, as it now displays two pages where there used to be one. Others have been bothered by the fact that entering their user ID then displays their full name and sometimes even their photo before they confirm their identity by way of their password, which they feel is a privacy violation.
And of course, most of the popular password managers used today now don’t work with the new Gmail login screen, though this is likely a temporary situation. (LastPass, for example, says its fix will be released today).
Clearly this change is an incremental step between the old way of doing things, and some future where Google hopes to augment or otherwise improve logins either by adding another layer on top of the password entry, or by doing away with the password altogether. But rolling it out before this “better” system is fully introduced has confused a number of users, it seems.