Pattern 01
Identifier-first login
Ask for the identifier (email or phone) first, then branch to the correct authentication method for that account on the next screen.
Problem
Asking for username and password on the same screen forces one rigid flow for every user, even though the right next step (password, passkey, SSO, magic link) depends entirely on who they are.
Recommendation
Ask for the identifier (email or phone) first, then branch to the correct authentication method for that account on the next screen.
UX impact
Removes irrelevant fields, shortens the perceived flow, and lets returning users see personalized options like 'Continue with passkey' immediately.
Security impact
Enables risk-based checks (device recognition, rate limiting) before a credential is even entered, and avoids leaking password-field behavior to bots probing for valid accounts.
Implementation notes
Debounce identifier lookups server-side, return generic responses for unknown accounts to avoid enumeration, and cache the last-used method per device for returning users.