There are (mild) security reasons to not let attackers know if the username is valid or not. It’s pretty useless here as /user// will reveal this. In other contexts, the message typically acknowledge the possibility with “incorrect password or username”.
There are (mild) security reasons to not let attackers know if the username is valid or not. It’s pretty useless here as /user// will reveal this. In other contexts, the message typically acknowledge the possibility with “incorrect password or username”.