Hi,
I've noticed that in the base policy below (but I think it's the same for other base policies) there's a default message displayed to the user when a wrong password is entered. I'm wondering whether this might be the best default message in terms of security, especially for a new developer who still doesn't know really well everything that is in the policies. Maybe for the default message provided by the starter pack something like "Your username and/or password is/are incorrect" would be more appropriate.
Thanks.
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/ee4832db16a226416eac1de3bd96d4a5eacff790/LocalAccounts/TrustFrameworkBase.xml#L414