“username or password incorrect” is bullshit
Travis Jeffery

That message has to be displayed because the database creates a hashcode of the combined username and password if implemented correctly. So on login neither is known by the backend. If these two fields were not hashed together then the hashcode for the password in the database would be the same for every password that is the same. Then if one password gets hacked all others like it would be at rick of compromise.

Like what you read? Give Jo McMinn a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.