by danw3
4154 days ago
There was a decent article (I think it was on HN) a while ago that argued against this type of generic error message. The basic idea is that you can very easily discover whether the email is valid or not by attempting to create an account with that email (in most cases). It's trivially easy to either verify that the email you are trying to use is valid, or even build a database of valid email addresses to crack by attempting to create accounts. So why bother with generic error messages at all? It is not really buying you anything on the security end and it seems like it is sacrificing some usability.