I'm wondering how did cybersecurity idiots come up with the idea not to fill in a login form and send user credentials at once like it was in good old days, but to require user to enter his credentials sequentially (some sort of "wizard style") and send them using two requests?
What is this BS for? To make determining what logins on this site are valid for an attacker easier?