
Enumerating Valid Accounts (Pre-Attack)

  1. Login page
    1. The error message here doesn't reveal whether the email is valid. This is called a synchronized error message: it does not tell you which field (email or password) failed the check.
  2. Forgot Password
    1. This one does tell us that the address is not registered, which confirms the account is invalid.
      • The correct way to handle this is a message such as “If an account exists for that address, an email will be sent.”
  3. Find a link that lets you check for validity without the CAPTCHAs
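As an added example (not code from the original notes), here is the leaky forgot-password handler next to its hardened form, plus a login handler with a synchronized error message; the in-memory user store, the `USERS`/`OUTBOX` names and the message wording are constructed for the demo.

```python
# Added example: forgot-password / login handlers showing the account
# enumeration leak described above next to the hardened form.
# The user store and outbox are constructed in-memory stand-ins.
import hashlib
import hmac
import secrets

_SALT = b"constructed-demo-salt"  # constructed; a real app uses a per-user salt


def _hash(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 10_000)


USERS = {"alice@example.com": _hash("correct horse battery staple")}  # constructed
OUTBOX = []  # reset emails the app "sent"; a real app would queue them


# Leaky: status code and wording differ depending on whether the email
# exists, so the response alone confirms which addresses are registered.
def forgot_password_leaky(email: str) -> tuple:
    if email not in USERS:
        return 404, "This email address is not registered."
    OUTBOX.append(email)
    return 200, "A password reset link has been sent."


# Hardened: identical status code and wording for both cases; the reset
# email is still only sent when the account actually exists.
RESET_MSG = "If an account exists for that address, a reset link has been sent."


def forgot_password_safe(email: str) -> tuple:
    if email in USERS:
        OUTBOX.append(email)
    return 200, RESET_MSG


# Synchronized login error: one message whether the email is unknown or the
# password is wrong. A dummy hash is verified for unknown users so response
# time does not reveal which branch was taken.
LOGIN_FAIL = "Invalid email or password."
_DUMMY_HASH = _hash(secrets.token_hex(16))


def login(email: str, password: str) -> tuple:
    stored = USERS.get(email, _DUMMY_HASH)
    ok = hmac.compare_digest(stored, _hash(password))
    if ok and email in USERS:
        return 200, "Welcome."
    return 401, LOGIN_FAIL
```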