
Resetting Passwords – What Could Possibly Go Wrong? - nomdep
https://maxwelldulin.com/BlogPost?post=3702041600
======
nomdep
I have read for years about how evil is email enumeration... but guess what? I
think the benefits of being able to tell a user that is using the wrong
username instead of a wrong password, outweighs any theoretical danger of
revealing that certain email is being used. Change my mind.

