"Sorry, we don't have a <name> in our database" isn't misleading. If the user en... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		spion on Dec 1, 2014 \| parent \| context \| favorite \| on: “Invalid username or password” is a useless securi... "Sorry, we don't have a <name> in our database" isn't misleading. If the user enters an incorrect password too, the subsequent message "Invalid password for <name>" will let them correct it.

why-el on Dec 1, 2014 [–]

Perhaps misleading was the wrong word, but as you said it yourself, saying that would lead to a user experience that is much worse than a simple "Bad experience", which is exactly my point.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact