Hacker News new | comments | show | ask | jobs | submit login

That's a security risk in and of itself. Suppose someone has an account named 'bobs'. For whatever reason, they don't notice that they mistyped and put in 'bob' instead. They try a couple times with their correct password, and now the 'bob' user has in their logs someone else's valid password. Said user could then set up very minimal bits of automation to discover, and break in, to that account.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact