by tuxxy 3102 days ago
The application doesn't know if the username you entered is actually yours or someone else's.

You could provide the correct password to your account 'test', but not 'ttest'.

The server just tells you to check both instead; it's more semantically correct and offers some security improvements against user enumeration.

1 comment

It knows if it doesn't exist though. This whole thing is about sites that say "Username or password is wrong" when they know the username is wrong because it doesn't exist!
What if a username does exist, but isn't my username?

Imagine both 'dave' and 'davr' have an account. I'm 'dave', but I accidentally type 'davr' and my correct password. Now the site will tell me that my password is wrong. So I retype and retype my password over and over again and still can't log in, because the problem isn't the password like the error message says, but rather that I typed my username wrong.

Is it? I thought it was about sites that say "Username or password is wrong" when they know the username does exist! After all, the author is using his own, correct, username in the examples!
The message is still not wrong if you think of "or" as the boolean or, not as the boolean xor. The system knows the username is wrong but it doesn't know anything about the password.
It's not wrong, it's just not as helpful as it could be.
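The thread argues over two things: whether "Username or password is wrong" is a truthful message, and whether it buys anything against user enumeration. The following is an added example, not code from the thread or any of its posters, that shows both sides concretely: a leaky login that names which half failed, a hardened one that returns a single message, the dave/davr mistype from above run through each, and the probe an attacker would use to harvest account names from the differing error text. It goes one step beyond the thread in that the hardened version also does the same password-hashing work for unknown usernames, since a generic message alone still leaks existence if the "no such user" path returns noticeably faster. The user store, passwords and the PBKDF2 settings are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample user store: username -> (salt, PBKDF2-HMAC-SHA256 hash).
# Iteration count is kept modest so the example runs quickly; it is an assumption.
PBKDF2_ITERATIONS = 50_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


USERS = {
    "dave": make_user("correct horse"),   # constructed account
    "davr": make_user("battery staple"),  # constructed account
}

# A dummy credential computed once, so an unknown username still costs one PBKDF2
# run instead of returning early and revealing itself through response time.
_DUMMY_SALT, _DUMMY_HASH = make_user("unused-dummy-password")

GENERIC_ERROR = "Username or password is wrong"


def leaky_login(username, password):
    """Tells the caller which half was wrong, which is exactly what an enumerator wants."""
    record = USERS.get(username)
    if record is None:
        return (False, "No such user")
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return (False, "Wrong password")
    return (True, "OK")


def hardened_login(username, password):
    """One message for every failure, and the same hashing work on every path."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    # Even if the dummy hash were ever matched, an unknown username must never log in.
    if username not in USERS or not ok:
        return (False, GENERIC_ERROR)
    return (True, "OK")


def probe_usernames(login, candidates):
    """What an attacker learns from the error text alone: every candidate whose
    response to a junk password differs from the response for a surely-absent name."""
    baseline = login("no-such-user-zzz", "junk")[1]
    return {name for name in candidates if login(name, "junk")[1] != baseline}


if __name__ == "__main__":
    # The mistype from the thread: right password, neighbouring username.
    print(leaky_login("davr", "correct horse"))     # names the wrong half
    print(hardened_login("davr", "correct horse"))  # generic message
    print(probe_usernames(leaky_login, ["dave", "davr", "alice"]))
    print(probe_usernames(hardened_login, ["dave", "davr", "alice"]))
```

Run it and the leaky variant hands the probe both real account names while the hardened one hands it nothing; the cost, as the thread says, is that dave typing 'davr' gets told only that one of the two fields is wrong. Note that a generic message is only half the fix: the dummy-hash path matters because an early return on an unknown username is measurable across the network.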