Goal
- Prevent attempts to hijack accounts or steal identities,
- Improve user security.
Implementation
In response to an attempt to create an account, log in (or a series of attempts), or request a password reset, do not display messages such as:- “This email is already in use.”
- “Incorrect password.”
- “Please follow the password reset procedure sent by email.”
- “Account locked.”
Control
Verify that no information is provided about the existence of a user account when attempting to create an account, log in, or recover a password.Discover Opquast training and certification
The objective of these rules and the Opquast community mission is ‘making the web better’ for your customers and for everyone! Opquast rules cover the key major areas of risk that can negatively affect website users such as privacy, ecodesign, accessibility and security.
Opquast training has already allowed over 19,000 web professionals to have their skills certified. Train your teams, contact us
We offer a 1 hour free discovery module.