login - Which error message is better when users entered a wrong password?
Are there any differences between the next 2 error messages from a security point of view when users enter a wrong password?
wrong username or password.
wrong password.
For example, when you enter a wrong password on gmail.com, it tells you "the username or password entered is incorrect". Are there security considerations behind this? I think the error message "the password entered is incorrect" is clearer for users, and, what's more, it's easy to check whether a username exists on gmail.com: click "can't access account?" and enter the username. If the username doesn't exist, it will tell you.
The thought is to not give hackers information. If you say wrong password, you've told the hacker they have the right username, and vice-versa. Although what you've said is true, there are sites where it is possible to determine if you've guessed a username via other means.
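A sketch of the uniform-response idea from the answer, added here as an example and not taken from the original posts. It goes one step beyond the thread by also making the account recovery form and the hashing work identical for known and unknown usernames. The user store, function names and message strings are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

GENERIC_LOGIN_ERROR = "Wrong username or password."
GENERIC_RECOVERY_REPLY = "If that account exists, recovery instructions were sent."

def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count is illustrative; tune it for the deployment.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample user store (hypothetical data).
USERS = {"alice": _make_record("correct horse")}

# Dummy record with a random password: unknown usernames are hashed against
# it, so they cost the same work as known ones.
_DUMMY = _make_record(os.urandom(16).hex())

def login(username: str, password: str):
    """Return (ok, message). Both failure causes yield the same message."""
    salt, stored = USERS.get(username, _DUMMY)
    candidate = _hash(password, salt)
    matches = hmac.compare_digest(candidate, stored)
    if matches and username in USERS:
        return True, "Welcome."
    return False, GENERIC_LOGIN_ERROR

def start_recovery(username: str, outbox: list) -> str:
    """Queue mail only for real accounts; the caller sees one fixed reply."""
    if username in USERS:
        outbox.append(username)
    return GENERIC_RECOVERY_REPLY
```
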