|
|
|
|
|
|
by gingerlime
4993 days ago
|
|
|
I'm not saying you're completely wrong here, but from a security standpoint, as a site owner, you really don't want to give any information that can be used against you, and your own users. To put it bluntly, this approach is kinda "you're not a user deserving a 'user-experience' until you actually proved that you are a real user". I think it really depends on the type of site and its concerns about security. I'll give you two extreme examples: * A hobbyist site for knitting, targeted at elderly people. Perhaps it should care more about the user experience, helping people to login even if they made a typo, than to protect from hackers finding out which email accounts exist on the site. * Some bizarre highly-personal fetish site. Knowing whether or not an email address is registered on this site is in itself something worth protecting. Not to mention increasing the chances of then being able to hack into one of those accounts. Basically what I'm saying is that security is almost always a trade-off, and it depends on the site and its user expectations. |
|
|