alt Hacker NewsAren't you leaking that there's an account with that email that has a non-password auth method if you treat them differently?
Aren't you leaking that there's an account with that email that has a non-password auth method if you treat them differently?
How would you avoid that? How would someone exploit that information? The whole point of the other auth means are that they're more secure.