Most of the websites says “username or password is wrong” whenever we typed wrong password.
Why are they not saying “your password is wrong”?
Most of the websites says username or password is wrong whenever we typed wrong
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Most of the websites says “username or password is wrong” whenever we typed wrong password.
Why are they not saying “your password is wrong”?
Just ignore the security issue of saying “Your password is wrong”.
First we can check whether it is possible to say “Your password is wrong”.
I posted this question in our college group and I felt one answer from the group is worth positing here.
The authentication failure may occur in three ways:
The website process it as given below.
a. If the username is not in database, the website can’t say that ‘Your username is wrong’. Because the website don’t know whether the password you entered is your correct password.So the website can say ‘Username or password is wrong.’ only.
b. If the username is in database, the website can’t say that ‘Your password is wrong’.
Because the website don’t know whether the username you entered is your correct username. So website can say ‘Username or password is wrong.’ only.