If you go to any major online banking site, you'll probably notice that the login separates the username & password onto two separate pages. Why do this? What is the security advantage?
Mine does this. Also, when I'm at the password stage, there's a picture and a phrase that I added that is unique to my account. Makes it much harder to spoof the site that way, although I'm not sure about the multiple page thing.
Ditto with my bank. The separate page thing is to make it a little harder to spoof the session, as well as giving the system a chance to find the image associated with your account so it can be shown to you.
Wait. How does showing you stuff you've uploaded after you've given one part of the authentication help stop spoofing?
My spoof site looks like your bank site. You enter your username and click the button to go to the next page. My spoofing site goes to your bank's site and performs the same operation, getting the content you provided to the bank, and then showing it to you on the next page. Spoof continues unhindered.
No uploading involved. As I said, it makes it harder, not stops it. I'm sure they do other stuff on that back end as well to help detect spoofing. Also, you're talking about a phishing site, whereas the spoofing I'm referring to involves the session variable on the server.