cheeseytoastie / UmbMembersFullTutorial

A fully working example MVC solution for dealing with members in Umbraco v7.4+
MIT License

Make error messages more generic #2

Closed nul800sebastiaan closed 8 years ago

nul800sebastiaan commented 8 years ago

You're disclosing a lot of information currently when a user tries to log in, reset, etc. Example: https://github.com/cheeseytoastie/UmbMembersFullTutorial/blob/master/Controllers/Account/MemberRegisterSurfaceController.cs#L36

Great, now I know that a certain email address has an account on this site, now I can start sending them phishing mails. Or maybe they might be embarrassed to be a member on that particular site. This is all described here: https://www.troyhunt.com/everything-you-ever-wanted-to-know/

cheeseytoastie commented 8 years ago

I've added a comment for now that this is NOT best practice. I think you're right and when I get time I'll update the blog post so we can send a different "You're already registered you banana" style email.

cheeseytoastie commented 8 years ago

Fixed and checked in.
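
The pattern discussed in this issue, as an added example that is not the repository's code: the registration page returns the same message whether or not the address is known, and the "already registered" notice goes only to the mailbox owner. Every name here is hypothetical, the member store is an in-memory set, and password handling is left out.

```csharp
using System;
using System.Collections.Generic;

// Added example: every name here is hypothetical; nothing is taken from
// UmbMembersFullTutorial or the Umbraco API.
public sealed class RegistrationService
{
    // The one message every caller sees, whether or not the address is known.
    public const string GenericMessage =
        "Thanks. Check your inbox for an email with the next step.";

    private readonly HashSet<string> _members;          // stand-in member store
    private readonly Action<string, string> _sendMail;  // (to, subject)

    public RegistrationService(HashSet<string> members, Action<string, string> sendMail)
    {
        _members = members;
        _sendMail = sendMail;
    }

    public string Register(string email)
    {
        var normalized = email.Trim().ToLowerInvariant();
        if (_members.Contains(normalized))
        {
            // Only the mailbox owner learns that the account already exists.
            _sendMail(normalized, "You already have an account: log in or reset your password");
        }
        else
        {
            _members.Add(normalized);
            _sendMail(normalized, "Confirm your registration");
        }
        // Same text on both branches, so the page does not reveal membership.
        return GenericMessage;
    }
}

public static class Demo
{
    public static void Main()
    {
        var members = new HashSet<string> { "existing@example.test" }; // constructed data
        var svc = new RegistrationService(members,
            (to, subject) => Console.WriteLine($"mail to {to}: {subject}"));

        Console.WriteLine(svc.Register("existing@example.test"));
        Console.WriteLine(svc.Register("new@example.test"));
    }
}
```

Both calls print the identical on-page message; only the mail subject differs. In a real controller the mail should be queued rather than sent inline, so that response time does not differ between the two branches.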