Login/Registration: why is not telling the users they got their username wrong during login, if registration already hint username existence?
It’s considered a best practice in security for login form to provide a vague error message
your username or password is wrong
rather than the more precise:
username does not exists
wrong password
the understandable justification is th… Continue reading Login/Registration: why is not telling the users they got their username wrong during login, if registration already hint username existence?