Comment by luckylion
2 hours ago
Aren't you leaking that there's an account with that email that has a non-password auth method if you treat them differently?
2 hours ago
Aren't you leaking that there's an account with that email that has a non-password auth method if you treat them differently?
How would you avoid that? How would someone exploit that information? The whole point of the other auth means are that they're more secure.