top | item 20295891

(no title)

jimm | 6 years ago

Yes, but if they did they are giving away security information: they are acknowledging that the entered email address is a legit delegated login. That's a bad thing to do, security-wise. You don't want bad guys to start trying email addresses and be able to see which ones are good email addresses.

discuss

dmurray|6 years ago

The bad guys can do exactly the same in the workflow where you redirect them rather than update the page.