Feature #23567
closedUsername validation message should address email addresses in login form
0%
Description
I filed this under "OpenID" although this has to do with the login page validation messages. I could not find an appropriate category so I used OpenID.
When an email address is detected in the user field of the login form field, e.g. huertanix@blah.net, logging in fails and returns a generic "Invalid user or password" error. It should instead detect that the user is trying to log in with an email address instead of a username, and alert the user that they should not be logging in with their email address as their username:
"Please log in with your user name instead of your email address. [password reset link]Forgot your username or password?[/password reset link]"
Password managers can sometimes assume that the email address entered when registering an online account is a username, so it will auto-fill in an email address (this is what happened in my case). Many online services use email addresses as usernames instead of a separate username string, so with that conditioning from the rest of the internet, users can't be expected to understand what's actually happening with the current validation messaging.