Username Verification Without Information Disclosure

Many applications require customers (don’t call them users!) to sign up with a username or email address to use the service.

If a user mistypes their credentials, security best practices dictate that an error message be displayed which informs the customer that there was a problem WITHOUT revealing whether or not the username was found.

No problem.