Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Which error message is better when users entered a wrong password?

Tags:

Is there any differences between the following two error messages from security point of view when users entered a wrong password?

Wrong username or password.

Wrong password.

For example, when you enter a wrong password on the Gmail.com, it will tell you "The username or password you entered is incorrect".

Is there any considerations for security reasons? I think the error message: "The password you entered is incorrect" is more clear to users, And, What's more, it's very easy to check whether a username is exists on the Gmail.com: just click "Can't access your account?" and enter the username. If the username doesn't exists, it will tell you.

like image 245
luin Avatar asked Feb 17 '13 14:02

luin

People also ask

What is the best way to show an error message when a user inputs some wrong data and submits?

Error messages should be clearly indicated You can do this by: Highlighting the field in question visually, usually with an outline around the input in a bright noticeable colour (usually red) Adding additional icons or visual cues to draw attention to the mistake.

What is a good error message?

A good error message has three parts: problem identification, cause details if helpful, and a solution if possible. Whenever an error occurs, user wants to fix it as soon as possible. The error message should have enough information for user that guides him how to get out of the erroneous situation.

Which error message is a good example of one to show do you Users that have got their password wrong?

I think the error message: "The password you entered is incorrect" is more clear to users, And, What's more, it's very easy to check whether a username is exists on the Gmail.com : just click "Can't access your account?" and enter the username. If the username doesn't exists, it will tell you.

Which could be a proper error message for failed authentication?

The error message states “Authentication failed! Try again.” You may have locked your account after too many attempts and your account will need to be reset. Contact the Help Desk if this is the case. If you see this error message, you will need to clear the cache of the current browser that you are using.

1 Answers

The idea is to not give hackers extra information. If you say wrong password, you've told a hacker that they have a correct username, and vice-versa. Although what you've said is true, on some sites it is possible to determine if you've guessed a username via other means.

like image 83
Mike C. Avatar answered Oct 01 '22 03:10

Mike C.
Sign in to Comment

Related questions

How do I return a boolean from AsyncTask?
Hibernate IDENTITY vs SEQUENCE entity identifier generators
'C:\Program' is not recognized error
How to check null values using kendo template
How to access $parent or $parents[] in knockout viewmodel click event?
Capistrano Error - Net::SSH::HostKeyMismatch
Clustering values by their proximity in python (machine learning?) [duplicate]
Hide the src image in an <img> element, but show its background image
Slice string into letters
Pushing data to Google spreadsheet through JavaScript running in browser
C# Parsing JSON array of objects
composer to disable https completely

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!