"telling the user that the username they typed exists, but they haven't offered the correct password for it" - is extremely different from Just telling the user 'wrong password'. It's different because it provides more information
>If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.
That seems to be a user problem first of all, because it's based on the user's mistaken belief about the uniqueness of usernames. If possible, it would be best to help the user understand this.
Thank you for your comment, but I don't agree
"telling the user that the username they typed exists, but they haven't offered the correct password for it" - is extremely different from Just telling the user 'wrong password'. It's different because it provides more information
>If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.
That seems to be a user problem first of all, because it's based on the user's mistaken belief about the uniqueness of usernames. If possible, it would be best to help the user understand this.