On Feb 23, 2015 12:06 PM, "Lars Aronsson" <[email protected]> wrote: > It would be possible to just say "sorry, login by e-mail > is not possible for you; please login by username".
No, that isn't possible. We can't reveal existence or non-existence of an account with an address. If there's more than one with a given address and we throw that error message then we've revealed something we can't. Multiple accounts match response should be identical to wrong password response and identical to no such email/username response. -Jeremy _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
