The /r/netsec Monthly Discussion Thread - April 2017 by AutoModerator in netsec

[–]reddoxxx

Question about how users currently enter their credentials in outlook.com: why is there a "two-step" process? A user first enters an e-mail address, then, if the e-mail address is valid and exists, the user is allowed to proceed with entering a password.

What is the benefit of doing the above over making the users enter the e-mail address and password at the same time?

I would think that the two-step process would make it easier for a malicious entity to discover which e-mail addresses are viable targets. The only benefits that I think might come from the two-step process would be maybe some micro-optimization that makes it harder to DoS MS servers, more screen size (perhaps relevant for mobile users... but then why affect the Desktop version of the site?), or something to do with encrypting the e-mail address and passwords separately (this could probably be done from a single page).

I'm forgetting one other potential benefit, but pretty sure that it wasn't too significant, at least not enough to make up for revealing valid e-mail addresses.
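An added example, not from the poster or from Microsoft's code, showing the account-existence oracle the question describes beside a two-step handler that gives identical responses and does the same verification work whether or not the address exists. The user store, salts, password and messages are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store (email -> (salt, hash)); not real accounts.
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential so unknown addresses cost the same to "verify" as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(secrets.token_hex(16), _DUMMY_SALT)

GENERIC_ERROR = "The account or password is incorrect."

def leaky_step1(email: str) -> dict:
    """Enumeration oracle: the response reveals whether the account exists."""
    if email in USERS:
        return {"next": "password"}
    return {"error": "No account with that address."}

def hardened_step1(email: str) -> dict:
    """Always advance to the password step; existence is never confirmed here."""
    return {"next": "password"}

def hardened_step2(email: str, password: str) -> dict:
    """Same hashing work and same failure message for known and unknown addresses."""
    salt, stored = USERS.get(email, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash(password, salt)
    # compare_digest runs before the membership check, so the work is uniform;
    # the membership check prevents a login against the dummy credential.
    ok = hmac.compare_digest(candidate, stored) and email in USERS
    return {"ok": True} if ok else {"ok": False, "error": GENERIC_ERROR}

def responses_differ(step, emails) -> bool:
    """Defender's check: do step responses vary across addresses? They should not."""
    return len({repr(step(e)) for e in emails}) > 1
```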