> You can provide a more helpful error message by explicitly informing the user that the username they typed exists but they haven't offered the correct password for it.
The parent poster already addressed that though:
“If you mistype your username, you might have entered another, existing username. Just telling the user 'wrong password' will mean they are less likely to check that the username was correct.”
If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.
"telling the user that the username they typed exists, but they haven't offered the correct password for it" - is extremely different from Just telling the user 'wrong password'. It's different because it provides more information
>If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.
That seems to be a user problem first of all, because it's based on the user's mistaken belief about the uniqueness of usernames. If possible, it would be best to help the user understand this.
The parent poster already addressed that though:
“If you mistype your username, you might have entered another, existing username. Just telling the user 'wrong password' will mean they are less likely to check that the username was correct.”
If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.