Lesley Carhart 
One of my favorite modern cybersecurity design things is when something on the server side authentication fails instead of your actual credentials / MFA, but the failure error message is identical so you spend an hour doing resets and second guessing yourself only to have everything work perfectly a little later on.
MostlyBlindGamer@hacks4pancakes I could understand this as a way to not reveal exploitable bugs, but… it’s a headache.
Peter H Coffin 🐀@MostlyBlindGamer @hacks4pancakes One doesn't have to give the EXPLANATION to the user. "Internal Error" is fine. Just ensure that anything that ISN'T the user's fault doesn't look like it is, and gets logged with enough severity to make someone pay attention to it.
@hellsop @hacks4pancakes yes, exactly. I could kind of excuse it, but won’t.