> If you mistype your username, you might have entered another, existing username.
That's a good point, but there is no way the website can detect that situation, and I suspect it is much less likely than typing your correct username and the wrong password.
> The website doesn't always know which one you got wrong, and assuming one way or the other just makes things worse.
If the website doesn't know which one you got wrong, then yes, it should just tell you so; the article is not arguing otherwise.
Apart from the security issues you've yourself noted, it's possible that the entered password matches another account's password coincidentally, not because the user intended to log in to that account.
If your account has the same password as another account that's 1 or 2 letters different, it's not really the site's job to protect you. You screwed up.
This is not a very big problem security-wise. It makes online attacks slightly easier, but you can limit online attempts pretty easily. It doesn't affect offline attempts at all.
The downvotes dheera got are extra inappropriate because they were just saying it's doable.