by dpavlenkov
5719 days ago
Your username is incorrect, but password ok! Seriously, login is not the place to be helpful. On the contrary, for security reasons, the login control should be hard to find, and the error messages should be cryptic, like "ehh". You can reward their patience on the other side.
1) If your login form annoys me it's very likely that I won't be using your service, e.g. the HN OpenID login is pretty much broken if I have noscript enabled, so if there wasn't a normal login I wouldn't be here. So yes, it should be helpful. I'm not a mind-reader and I don't like to play mind-games, so if I do something wrong then I expect to be told what I did wrong.
2) I'm not sure how that helps security. If a human can find the login form it means a human can write a program (i.e. a bot) that can also find that form...
2.5) For security reasons, I've never understood this or where it came from. If your service allows login then in almost all cases it also allows registration. I can understand if you're among those who feel the need to annoy users that try to register by telling them that there's an error in the form they submitted with no indication of what that error is, but otherwise you will return some error if they try to sign up with an existing username. This boils down to one extra step to find out if the username is wrong or not. For a human that might be tedious. Even if you give vague error messages at registration it's still trivial to use this same vague error message to figure out if a username exists or not.
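
The point made in 2.5, as an added example that is not part of the original thread: a toy in-memory service whose login message is uniform while its signup response still distinguishes existing names, audited by comparing responses for a known and a fresh identifier. `ToyService`, `leaks_existence`, `audit`, the sample accounts and the `register_by_email` variant (same on-screen response, detail sent to the mailbox) are all assumptions made for illustration.

```python
import hashlib, hmac, os
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1_000)

class ToyService:
    """Hypothetical in-memory account store (constructed for this example)."""
    def __init__(self):
        self.users = {}    # name -> (salt, password hash)
        self.outbox = []   # (address, message) pairs "sent" by e-mail

    def _add(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))

    def login(self, name, password):
        # One message for both failure causes (the vague style under discussion).
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        return "ok" if ok else "Invalid username or password"

    def register(self, name, password):
        # Usual signup: the response itself says whether the name exists.
        if name in self.users:
            return "Username already taken"
        self._add(name, password)
        return "Account created"

    def register_by_email(self, email, password):
        # Assumed alternative: identical response, the detail goes to the mailbox.
        if email in self.users:
            self.outbox.append((email, "You already have an account"))
        else:
            self._add(email, password)
            self.outbox.append((email, "Confirm your new account"))
        return "Check your e-mail to continue"

def leaks_existence(endpoint, known, unknown):
    """True if responses differ between an existing and a fresh identifier."""
    return endpoint(known, "wrong-guess") != endpoint(unknown, "wrong-guess")

def audit():
    svc = ToyService()
    for name in ("alice", "alice@example.com"):   # constructed sample accounts
        svc._add(name, "correct horse")
    return {
        "login": leaks_existence(svc.login, "alice", "nobody"),
        "register": leaks_existence(svc.register, "alice", "bob"),
        "register_by_email": leaks_existence(svc.register_by_email, "alice@example.com", "carol@example.com"),
    }
```

`audit()` reports the login endpoint as non-distinguishing and the ordinary signup endpoint as distinguishing, so the account-existence answer is only hidden when every endpoint that accepts an identifier responds the same way.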