I was just prompted to log into the BBC website (https://ssl.bbc.co.uk/id/signin). When entering my username i got a nice green tick - i took this to mean that the username existed (is this itself bad practice?). When i entered my password i got another green tick - this was more confusing. Was it checking my password before i'd clicked signin? That would be weird. But no, it was just checking it met the password policy for length etc.Is this necessary or useful on a signin page? I found the message confused so once again, a debate on best UI practices for signing pages.