META: Misleading error message on using wrong username

post by RolfAndreassen · 2010-11-27T22:07:52.104Z · LW · GW · Legacy · 3 comments

I attempted to log in from a computer I don't usually use, and entered my username as "Rolf Andreassen", two words; in fact it's "RolfAndreassen", one word. The error message I got back was "Incorrect password", which is misleading. Not until I tried to recover my password did I realise my mistake. Clearly this is an unusual edge case, but I suggest updating the code to give back "No such user" when someone makes this mistake. 

3 comments


comment by wnoise · 2010-11-29T12:42:18.860Z · LW(p) · GW(p)

There are (mild) security reasons to not let attackers know if the username is valid or not. It's pretty useless here as /user// will reveal this. In other contexts, the message typically acknowledges the possibility with "incorrect password or username".
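The trade-off raised in the comment above, as an added example that is not part of the original thread or the site's code: a login check that returns distinct messages next to one that returns a single combined message and does the same hashing work for unknown names. The names `USERS`, `login_distinct` and `login_uniform`, the sample password and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this demo


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store: username -> (salt, password hash)
USERS = {"RolfAndreassen": make_user("correct horse")}

# Dummy record so an unknown username costs the same hashing work as a known one
_DUMMY_SALT, _DUMMY_HASH = make_user(os.urandom(16).hex())


def login_distinct(username: str, password: str):
    """Distinct messages: the reply tells the caller whether the name exists."""
    record = USERS.get(username)
    if record is None:
        return False, "No such user"
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Incorrect password"
    return True, "OK"


def login_uniform(username: str, password: str):
    """One message for both failures, and one hash computation either way."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if username in USERS and matches:
        return True, "OK"
    return False, "Incorrect username or password"
```

The uniform reply only hides account existence if no other endpoint, such as a public profile URL or the password recovery form, reveals whether the name is registered.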

comment by David_Allen · 2010-11-27T23:21:36.853Z · LW(p) · GW(p)

If you look at the bottom of the page you will see a Report Issues link.

Replies from: Vladimir_Nesov
comment by Vladimir_Nesov · 2010-11-28T16:37:32.451Z · LW(p) · GW(p)

The link leads to a page which previously linked to the bug tracker, but on 19th October 2010 someone edited it, so the link was lost. I restored the content of that page; it points to the bug tracker again now.