Agreed, and also makes it readily known that that is what you are doing.
The sneakier more user friendly way to implement it would be to require the second correct attempt only if the user has made an incorrect attempt since the last successful login.
Agreed, and also makes it readily known that that is what you are doing.
The sneakier more user friendly way to implement it would be to require the second correct attempt only if the user has made an incorrect attempt since the last successful login.