Enhancing Security by Generic Login Errors

Hello,

Currently, when a user enters a valid username with an incorrect password, the system indicates that the username exists and the password is wrong.

Is it possible to modify the login validation to display a generic message such as “Username or password is invalid” for all failed login attempts?

Thanks,

Like many other sites, we made the conscious decision (a long time ago) that the usability benefit - especially in the kind of environment where Indico is often used - of immediately seeing whether your username is correct outweighs the minuscule security increase of more generic errors.

So no, currently it is not possible to change this. This may change or become configurable in the future though.
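
The behaviour asked about in the question, as an added example that is not part of this thread and is not Indico's code: a login check that returns one message for every failure and does the same hashing work whether or not the username exists. The function names, the in-memory store and the sample account are hypothetical.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Username or password is invalid"
_ITERATIONS = 50_000  # kept low so the example runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user_store(users: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Build a constructed in-memory store: username -> (salt, password hash)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash(password, salt))
    return store


# Dummy credential checked when the username is unknown, so the
# unknown-user path costs the same hashing work as the wrong-password path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(os.urandom(16).hex(), _DUMMY_SALT)


def login(store, username: str, password: str) -> tuple[bool, str]:
    """Return (ok, message); every failure yields the same message."""
    record = store.get(username)
    salt, expected = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if record is not None and matches:
        return True, "Logged in"
    return False, GENERIC_ERROR


if __name__ == "__main__":
    store = make_user_store({"alice": "correct horse"})  # constructed sample
    print(login(store, "alice", "wrong"))          # known user, bad password
    print(login(store, "nobody", "wrong"))         # unknown user
    print(login(store, "alice", "correct horse"))  # valid login
```

A uniform message only hides account existence if other flows that accept a username, such as registration or password reset, respond uniformly as well.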