More descriptive login error
Sergiu Svet
Recently, while trying to log into my DigitalOcean account using my associated email, I encountered an issue. The system responded that the email was not registered. However, when I attempted to reset my password with the same email, I received an email stating that the authentication method was GitHub, and I should use that instead. This caused unnecessary confusion and delay, as I had forgotten I used GitHub for authentication.
To improve user experience and reduce confusion, I propose that DigitalOcean enhance its authentication error messages. Instead of simply stating that an email is not registered, the system could provide a more informative message indicating the authentication method associated with the email. For example, instead of "An account with this email does not exist.", you could say "An account with this email exists, but the authentication method is via GitHub. Please use GitHub to log in."
By doing that you instantly get a few benefits:
a) Users will immediately know the correct authentication method, saving time and reducing frustration.
b) Clearer error messages will likely decrease the number of support requests related to login issues.
c) Users will be reminded of their authentication methods, reinforcing good security practices.
While there might be concerns about revealing authentication methods in error messages, the risk is minimal compared to the convenience and clarity it provides. If an unauthorized person already has access to someone's email, they likely can reset passwords and gain access to accounts anyway. Thus, providing the authentication method in the error message doesn't significantly increase security risks.