Fail-to-log-in texts should be customizable - Mendix Forum

Fail-to-log-in texts should be customizable


When an user fails to log in, the message is shown: "The username or password you entered is incorrect", no matter what the reason.

For example if the user is blocked, because of too many attempts, he should get another message: "Too many attempts to log in, your account is blocked. Retry in 15 minutes", but he doesn't. The log in screen encourages him to try again with the sentence: "The username or password you entered is incorrect". Now the user is unaware of the actual reason and is not able to fix the log in problem himself.

It would be great being able to help users with some info when loggin in fails with the reasoning behind it, by developers being able to state sentences customly to the app. Also it helps us/developers to not have to check manually what the reason is (or worse: users calling, or not wanting to use the app).  


1 answers

You can't change that specific error message but you could change the generic login failure error message in Project -> System Texts but this is intended behavior so that an attacker gains no knowledge of username/passwords if attempting to brute force your application.