I just made my first Lemmy PRrosenjcb@lemmy.world to Technology@lemmy.world – 182 points – 1 years agogithub.comLet's gooooooooo20Post a CommentPreviewYou are viewing a single commentView all commentsShow the parent commentThere should be an error, but it shouldn't say whether it was the email or password that was wrong.Fair point!An attacker would still know the account exists, and they would know the password did not match. _Or_ you're assuring them that specific password is used by some account, just not this one. Which is even worse.Read the comment you're responding to, again. Nothing about their suggestion leads to either of these scenarios.Right, I misread "shouldn't" for "should".
There should be an error, but it shouldn't say whether it was the email or password that was wrong.Fair point!An attacker would still know the account exists, and they would know the password did not match. _Or_ you're assuring them that specific password is used by some account, just not this one. Which is even worse.Read the comment you're responding to, again. Nothing about their suggestion leads to either of these scenarios.Right, I misread "shouldn't" for "should".
An attacker would still know the account exists, and they would know the password did not match. _Or_ you're assuring them that specific password is used by some account, just not this one. Which is even worse.Read the comment you're responding to, again. Nothing about their suggestion leads to either of these scenarios.Right, I misread "shouldn't" for "should".
Read the comment you're responding to, again. Nothing about their suggestion leads to either of these scenarios.Right, I misread "shouldn't" for "should".
There should be an error, but it shouldn't say whether it was the email or password that was wrong.
Fair point!
An attacker would still know the account exists, and they would know the password did not match._Or_ you're assuring them that specific password is used by some account, just not this one. Which is even worse.Read the comment you're responding to, again. Nothing about their suggestion leads to either of these scenarios.
Right, I misread "shouldn't" for "should".