Closed FrankreedX closed 1 month ago
solderq35
commented
2 months ago EDIT: Also not sure if it's a good idea to hide "incorrect password" in general. If a specific email (e.g. coach's email) is already known anyways, obfuscating "incorrect password" message will not fool them.
solderq35
commented
2 months ago Colby suggested changing the username and password errors to "Incorrect username / password"
FrankreedX
commented
2 months ago EDIT: Also not sure if it's a good idea to hide "incorrect password" in general. If a specific email (e.g. coach's email) is already known anyways, obfuscating "incorrect password" message will not fool them.
But it wouldn't hurt either. It'll help in cases where both are unknown.
FrankreedX
commented
2 months ago I think we also need to remove "Incorrect password" message from user profile settings (changing password)
I think this one should stay, but it'll be kinda jank because it returns the same error as the login screen
Gehrkej
commented
1 month ago I think we also need to remove "Incorrect password" message from user profile settings (changing password)
I think this one should stay, but it'll be kinda jank because it returns the same error as the login screen
I would agree this one is find to stay. If a user is already in their account than they should be able to get more specific feedback as malicious users or hackers probably would already have the password if they already got access to the account.
closes #267