There’s a security best practice where sign ins aren’t supposed to say “password is incorrect”. Instead they’re supposed to say the “username or password is incorrect”. This “best practice” is bullshit. […] You gain no security, yet your customers lose clarity.
At first I raised my eyebrow when reading this, yet it became clear rather quickly: there’s no need to lock down your front door when you’re leaving a window open.