by MortenK 5002 days ago
That argument is actually addressed in the post: "The engineering team, ever mindful of security, argued that being generic about username and password errors makes it harder for bad guys to guess usernames by pounding the form with random words or email addresses. But after some further consideration, we decided that it was a false risk, as the username reminder form already tells you if a username exists, and is not a significant security risk for the bajilions of sites that have them".