* If the user enters an unknown secondary email, redirect them to the /signup page.
* If the user arrives with a known secondary email in storage, show the password field.