Yes, I agree fully. For demo purposes, I've made the explanations and code examples as simple as possible. But, I'd always suggest only returning a vague message such as "The credentials you entered are incorrect."
The password reset you mentioned is also a very delicate matter. I would never risk having it any other way than through e-mail instructions.
Thanks for this feedback and I'm glad you liked the article. :)
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.