by gingerlime
4992 days ago
Very good point. This should be mentioned on the blog post too, and maybe brought to the attention of the site owners. It definitely makes a stronger case for either:

* avoiding giving away this piece of information on the forgot password screen or
* telling the user whether it's their password or username that is wrong.

You might want to take a look at this security stackexchange question http://security.stackexchange.com/q/13079/7306

Update: I noticed this was in fact mentioned on / added to the blog post.