One of my favorite modern cybersecurity design things is when something in the server-side authentication fails instead of your actual credentials / MFA, but the failure error message is identical, so you spend an hour doing resets and second-guessing yourself, only to have everything work perfectly a little later on.
I can sorta understand how they got there:
- every auth failure looks the same so there are no information leaks
- the back-end auth method only returns success or failure
Annoying as hell if you're on the outside and can't see what's going on. :(
More internal methods with boolean results need a third possible return code to cover internal errors: `true | false | null` comes to mind.
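A sketch of that three-way return, as an added example that is not from this thread: the back end distinguishes "credentials rejected" from "I could not check", the user-facing layer keeps unknown-user and wrong-password identical, and only the internal-error case gets a different (account-neutral) message. The names `AuthResult`, `check_credentials`, `login_response` and `BrokenStore`, and the in-memory user store, are assumptions made for the example.

```python
import hashlib
import hmac
import os
from enum import Enum


class AuthResult(Enum):
    SUCCESS = "success"  # credentials verified
    DENIED = "denied"    # credentials rejected (unknown user OR bad secret)
    ERROR = "error"      # back end failed; says nothing about the credentials


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory user store: username -> (salt, pbkdf2 hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}


class BrokenStore:
    """Constructed stand-in for a user store whose back end is down."""
    def get(self, username):
        raise ConnectionError("user directory unreachable")


def check_credentials(username: str, password: str, store=USERS) -> AuthResult:
    try:
        record = store.get(username)
    except OSError:  # directory/database unreachable, timeout, etc.
        return AuthResult.ERROR
    if record is None:
        _hash(password, _SALT)  # burn the same work so timing stays uniform
        return AuthResult.DENIED
    salt, expected = record
    if hmac.compare_digest(_hash(password, salt), expected):
        return AuthResult.SUCCESS
    return AuthResult.DENIED


def login_response(username: str, password: str, store=USERS) -> tuple:
    """Map the three-way result to an HTTP status and user-facing message."""
    result = check_credentials(username, password, store)
    if result is AuthResult.SUCCESS:
        return 200, "ok"
    if result is AuthResult.ERROR:
        # Distinct from a credential rejection, yet reveals nothing about the
        # account; the real cause belongs in the server log, not this string.
        return 503, "Login temporarily unavailable, please retry"
    # Unknown user and wrong password are deliberately indistinguishable here.
    return 401, "Invalid username or password"
```

Whatever a server does with the `ERROR` case, the point is that it is never folded into the 401 path, which is what sends the user off to reset credentials that were fine all along.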
