Google splits Sign-in process into two pages
If you have signed in to your Google account on the Gmail website or other Google properties recently you may have noticed that the sign-in process has changed.
Google split the sign-in process so that it is a two-step process now instead of a single one.
The first page asks for your email address but not the password. You need to click on next first to load the page where you can enter your Google account password to complete it.
If you are already known on the computer, the first step is skipped and you are taken to the second step of the authentication process instead. There you find listed the email address of the account and the profile picture of the account or the default one.
Previously, both the username (usually an email address) and password were entered on the same page.
You are probably wondering why Google made the change. According to a post on the official Gmail help forum, the company did so for the following reasons:
- Reduced confusion among people who have multiple Google accounts.
- In preparation for future authentication solutions.
- To improve the experience for SAML SSO users.
While Google wants you to believe that this is not a step back but a step forward in terms of user experience, responses on the official Gmail help forum have been mostly negative.
User complaints concentrate on several different aspects. First, the sign-in process takes longer to complete as it is now separated on two pages. Even if you use a single account only, you have to go through the same process as multi-account customers.
While the process may require the same number of clicks to sign in, it breaks the flow for users who used the keyboard (tab-key) to switch between fields to log in.
Second, the new process breaks most password managers which cannot fill out form information automatically anymore or sign you in automatically. At least some password managers will update their programs or offer solutions for the new Google sign-in process.
LastPass, makers of the popular online password manager, have posted instructions already that explain how to configure the program to take the new flow into account. Basically, users need to remove the Google account from the vault first and use the password manager's "Save all entered data" feature afterwards to add it again.
KeePass users who use the program's Auto-Type feature may use the Delay command, e.g. {Delay 1500} to take the process into account, e.g. {Username}{Enter}{Delay 1500}{Password}{Enter}. The delay pauses the process (in milliseconds) to take the page loading time into account.
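The following sketch is an added example, not part of the original article and not KeePass code: it replays the Auto-Type sequence quoted above against a simplified model of the two-page form to show why the {Delay} value has to cover the page load time. The form model, the zero typing time and the sample entry are assumptions made for illustration.

```python
import re

# Matches the placeholders used in the article's sequence: {Name} or {Name N}.
TOKEN = re.compile(r"\{(\w+)(?:\s+(\d+))?\}")

# Constructed sample data; the sequence is the one quoted in the article.
SEQ = "{Username}{Enter}{Delay 1500}{Password}{Enter}"
ENTRY = {"USERNAME": "alice@example.com", "PASSWORD": "constructed-pw"}

def simulate(sequence, entry, page_load_ms):
    """Replay an Auto-Type sequence against a model of the two-page sign-in.

    Assumed model: typing takes no time, keystrokes go to the focused field,
    and focus stays in the email field until the password page has loaded.
    """
    fields = {"email": "", "password": ""}
    focus, clock, ready_at, submitted = "email", 0, None, False
    for name, arg in TOKEN.findall(sequence):
        name = name.upper()
        # Once the second page has finished loading, its password field has focus.
        if focus == "email" and ready_at is not None and clock >= ready_at:
            focus = "password"
        if name == "DELAY":
            clock += int(arg)                    # milliseconds, as in {Delay 1500}
        elif name == "ENTER":
            if focus == "password":
                submitted = True                 # second page submitted
            elif ready_at is None:
                ready_at = clock + page_load_ms  # "Next" pressed, page 2 loading
            # Enter while page 2 is still loading has no effect in this model.
        else:
            fields[focus] += entry[name]         # blind typing into the focused field
    signed_in = submitted and fields == {
        "email": entry["USERNAME"], "password": entry["PASSWORD"]}
    return {"signed_in": signed_in, **fields}

if __name__ == "__main__":
    # Page loads in 0.8 s: the 1.5 s delay is long enough.
    print(simulate(SEQ, ENTRY, 800))
    # Page loads in 2.5 s: the password is typed into the visible email field.
    print(simulate(SEQ, ENTRY, 2500))
```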
The reasons that Google gives are debatable at best. One does not apply yet, as the future authentication solutions that Google refers to are not available yet. As far as confusion among multi-account owners is concerned, it would be interesting to see statistics about that, and the same is true for SAML SSO users.
Even if you take both user groups together and assume all benefit from the change, it is likely that the merged group is not as large as all single-account owners.
Now You: What's your take on the change?
TWO-PAGEG.LOGIN IS A F@n HACK! OMG look at dev tools, inspect element!!@$#&#?$ u peeps.Dont U see yr Goog Anything? login is through a chomo criminal Verizon network employee’s YOUTUBE ACCOUNT! double Page signin is done to make sure harassment victims of Verizon’s employee run Malware Mafia can b singled out for crippled access to their G Accts. Using the “Backtrack” app/feature that key-logs ALL your data& settings actions You make online, they “back-step” Your sessions’ decisions..RECORD YOUR ACCOUNT ACTIVITY. INSPECT ELEMENT ON G PAGES, KILL VERIZON! Ma Bell died for lesser crimes!
Hate it. Hate it like most of the changes tech geeks have been making to software. It is slower, harder to use and options are buried in unintuitive headings and menus that are almost impossible to remember where all the time and then once you do they change it again. But that’s another rant. I prefer speed and ease. Knock it off google. We are trying to simplify our lives.
don’t like it.
Thanks, the {Username}{Enter}{Delay 1500}{Password}{Enter} sequence also works for autotype yahoo login on KeePass.
The arrogant google employee thinking goes something like this “we’re a virtual monopoly, so we can annoy end users as absolutely as much as we feel like” – “and we’re going to spend our time tinkering around with every product’s UI just for the heck of it, to incessantly break end-user familiarity, instead of fixing THE BASICS FIRST like sending a deleted gmail DRAFT message TO TRASH instead of outer space.” – “oh, and FEWER UI options every year”.
The UA change trick doesn’t work anymore :( Is there any solution to get the old one-page login??? I really need it!
Oh FFS. I just dug into this a little more, and it looks like they’re bodging based on the user agent. Include the string “Iceweasel/” anywhere in your UA and you get the old one-page login.
There is a Debian user somewhere inside Google who *also* thinks this change is stupid.
My KeePass entry for this service has
Auto-Type:^a{USERNAME}{ENTER}{DELAY 1000}^a{PASSWORD}{ENTER}
The ^a pieces type a Control-A, which does a Select All on the contents of the current text field before auto-typing the username or password. This means that the auto-type still works even on browsers I’ve carelessly allowed to remember my Google credentials.
What *really* drives me nuts about this is that as of February 2016 I’m still seeing the old one-page login on *some* of my browsers, and of course the adjusted KeePass entry doesn’t work with that. If they’re determined to screw up their login page, I wish they’d at least be consistent about it.
Thanks for that note about the {Delay 1500} entry for Keepass, that was the piece I was looking for.
I also love (not) that the default for both the password field and the two-factor authentication field are ‘remember me’ because, way more secure that way. Fortunately an extra {tab} and a {space} before the {enter} removes that from the password entry and I only have to remember to uncheck it on the authentication screen. /sigh
Another brain-fart from the team who gave us 500 junk googleservices we don’t care about and the ubiquitous googleads.
When will they learn to LEAVE THINGS ALONE? They’re under no pressure to compete: Gmail once had massive users.
But, like MySpace and Facebook before them, they keep fixing what wasn’t broke until it becomes a ghost town. Chalk me up for the dreaded Hotmail route. Feels like 1996 …
i’m slowly migrating all my gmail to hotmail. i regret i can’t migrate off of youtube as well. google reminds me of corporate security at my old job before i retired.. any idea, good or bad, they just ram down your throat just because they can. we used to joke that if we just turned off the computers they’d be even more secure and just as usable. now i had better setup another backup e-mail account with ??? just in case microsoft follows this idiocy.
when I went to rant on the google product forum they still had a one page login. after i posted my comment i was automatically added to their notification list. to add insult to injury when i followed their directions to unsubscribe by sending an unsubscribe e-mail to [email protected] i then received “Delivery to the following recipient failed permanently:” the google security nazis can’t even get their own act together.
It’s annoying. Now not only Google. Also Microsoft follows suit and started forcing the same 2-step process. It looks like this nonsense is going to stay here. I agree with the article. I do have multiple Google accounts, but the 2 step process doesn’t make it a better experience, so not sure why they mention.
The only benefit so far I see when using password managers such as LP, is if you have multiple Google accounts, you have to manually type out the email address first, in the 2nd step LP will enter the correct password for that email address.
Previously if both user name and password are together on the same screen, LP would sometimes overwrite the username and password as I type it in (because the page didn’t finish loading yet).
However if you are using LastPass following the best practices – it doesn’t work with the old login information. So you have to delete the login info and save it by choosing “save all fields…”.
With more than one Google accounts, I need to update the sign in info for multiple accounts.. How about having specific links to Gmail, Drive, Blog etc all saved as separate login info on LastPass..
This is a major nuisance. Gmail doesn’t work anymore with Lastpass. How do google managers think you can manage your passwords in 2015 without a password manager??! For me google now officially sucks.
BTW, if you look for a one page login, try http://tinyurl.com/googlesugs . I am sure google will close that loophole soon.
Mountain View is watching you. Not only do they know what you are doing where & when. They have enough information to predict your next move. And on top of that they keep that information for years. I have eradicated Google as much as possible. If I have to use it, it is on a separate browser private mode using VPN going through a private search engine to log in to google. When done cookies cache & history is removed & browser closed.
Thanks for the KeePass tip. It was quite annoying, since I had to manually copy/paste the username and password.
I dislike the new two page login, but if I use Opera I still get the old one page login. In addition, I can log into Yahoo Mail via Opera without being pestered to add the Yahoo Chrome Extension. Two nuisances eliminated at once, at least for the moment.
It’s pretty damn annoying of Google to force this lame ass process on us and call it something else. How is a two-page system making Gmail more secure? Oh wait it’s not, it’s just annoying the masses. This is why professionals use Outlook/Hotmail. Google is just a search engine and e-mail service to me and their actions are continually pushing me further away from ever using their services. Soon Nexus phones will have pins on them to take your blood to verify your identity LOL.
I find myself signing in through google voice (which retains the single login page) just to get to email without having to re-train Last Pass.
A real nuisance, noticed this 2 days ago and agree this is a backward step. Hope someone creates a script to bypass this.
Remember when Google were the *good* guys? I’m growing convinced that being listed on the stock market is the beginning of the end of every once good company.
Just amazing how large companies such as Google, Microsoft, Intuit, and even Mozilla can continually find ways to break products that are otherwise working just fine.
I never use it. Once I did and it quadrupled every bookmark. It’s a good thing I had backup copies. They can keep it. :(
This new method creates confusion, is slower and adds privacy issues.
Yeah, Google is always messing around with Gmail for no real good reasons, at least from a user’s perspective.
I have 6 different Gmail accounts for different business and personal reasons. I used to be able to list them on one page. Maybe a year ago, Google made that seemingly impossible by listing one account that they consider primary and then putting the link “Sign in with a different account” at the bottom. When you click that link , it shows the email account from the main page, and two buttons labeled “Add account” and “Remove”. Click “Add account” and you get taken to yet another page where you can type in an alternate email account address (nothing seems to be remembered). Once entered, you get the 2nd password page (as Martin describes). But even though you have “added an account”, GMail doesn’t remember this and the next time you need to go to that account, you have to access that account, you have to jump through all the same hoops over again. Sheeze!
My theory is that Google is trying to make it difficult to use multiple accounts because they really want you to use only ONE email account, which makes it easier to track what you are doing and aggregate the info for advertising purposes.
You can see this in their tagline at the bottom of the page where you enter your Gmail account that says “One Google Account for everything Google”.
And why does Google use this convoluted URL for Gmail logon? What do all the parameters mean and why are they necessary?
https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1
Just another reason to stop using your browser to access gmail and get Thunderbird set up.
I noticed this 2 days ago or so my first reaction was “okaaaaay, I’ll play along” then it became “This is rubbish, has anyone created a script to bypass this”
Sadly there is no script yet but I am still hopeful there will be.
I’m getting weird results. If I visit https://www.gmail.com from my main browser (Palemoon 25.4.1 x64) I’m greeted with the awful new login system. Same address, same computer but SRWare Iron 41.0.2200.0 portable as browser (empty cache and history) and the old login page is shown.
wish they’d warn day before or so on changes like this, wasted time checking to make sure I wasn’t being spoofed into revealing pass.
two pages is slower than one page
(I manually enter all data so no password manager difficulties)
Double your pleasure and double your fun with double-log double-log, double-log gum …
Up to now I haven’t encountered this Embassy-like double entry process, no Google, no OneDrive account. But should the gadget go wild that applications and extensions which automatize the login process be embarrassed, which could lead some users to return to manual login, which could lead to a return to weak passwords. Absurd.
Google finds far too many ways of being annoying to end users, so I stopped using anything Google-related a while back, and always block anything Google-related whenever possible. Just my own opinion, of course, but I don’t see things regarding Google changing anytime soon.
I was presented with both sign-ins at random yesterday until about noon local (Toronto) time … since then, it’s been strictly the 2-page sign-in.
Are you sure that Google isn’t just testing this change? I’ve just logged in on my system (IP from Austria, latest Firefox) with the old one-page form.
It is rolling it out. Can be that the server you were connected to was still not switched to the new one.
And third page when you have set two factor authentication?
Excellent question.
so i can see the user real name and photo only with username ? :D
No, that is not possible. Google displays that information only if you were previously signed in on the computer.
Are you sure about that? I’ve used an incognito browser and tested my girlfriends username on the new login page — using my laptop, which she never uses — and it displays her real name.
According to Google, yes. It will only display that information if the computer was used before.
As if the change to two sign-in pages isn’t annoying enough, the “stay signed-in” box is automatically checked every time the second page appears. If you uncheck it before entering your password, it is automatically re-checked for you. Personally, I never check that box. Google gets to track enough of my movements throughout the day without me being constantly signed-in, so I’ll use whatever small bit of control they cede to me by not doing so.
Another change at Gmail. Guess it’s just folks from Google R&D are justifying their existence, as usual. Nowadays, this is the trend everywhere – let’s upgrade a service that is perfectly working for the users, if it is worse afterwards – hey, this is progress, they will adapt. Sick of it.
This is the problem of having an Indian at the helm in Google. Indian software engineers by nature does not value anybody’s privacy and enjoy irritating everybody.
Of course it’s a step back in terms of user experience. >.< I don't use them, but yes, it's exactly the same what Microsoft did with OneDrive website login. They claim, among other things, it's because the system needs to know in advance whether to load a personal or a business account. (So it may actually be quicker to login via Outlook.com and then go to OneDrive.)
(And then there are those sites that need to be asked "Which part of browser setting 'remember passwords' do you not understand". I often read how Firefox changed this in version 38 (and some earlier versions) to make it actually remember all login credentials if users want it so… but there are sites that just won't work. Even those URLbox shortcuts don't cut it anymore.)
This is a stupid idea, but Google is not the only service implementing it. For instance, this is also how you authenticate for OneDrive, and thus proving that bad ideas spread quickly from one corporation to another.