Auth Security recommendation #6

@Alkandari-Y

I would suggest not being specific with validation errors during login. Messages such as 53 and 56 during login can be a bit more vague to help secure users from brute force attacks.

A message like "the credentials provided are invalid" for both validation errors is more than enough in my opinion.
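
The recommendation above as an added example, not part of the original issue or the project's code: a login check with distinct failure messages next to one that returns the suggested message for both failures. The user store, function names, and the two "before" messages are hypothetical; the dummy-hash step for unknown emails is an addition that keeps response time from revealing what the message no longer does.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "the credentials provided are invalid"  # wording suggested in the issue


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed in-memory store (hypothetical; stands in for the project's database).
USERS = {"alice@example.com": make_user("correct horse battery staple")}

# Dummy record so an unknown email still costs one hash computation.
_DUMMY = make_user("placeholder")


def login_specific(email: str, password: str):
    """'Before': distinct messages tell a caller which emails are registered."""
    user = USERS.get(email)
    if user is None:
        return False, "no account with this email"  # assumed wording
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "incorrect password"  # assumed wording
    return True, "ok"


def login_generic(email: str, password: str):
    """'After': one message for both failures, same work on both paths."""
    user = USERS.get(email)
    record = user if user is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is None or not matches:
        return False, GENERIC_ERROR
    return True, "ok"
```

The specific reason can still be written to a server-side log for support and detection; only the response to the client is made uniform.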

Labels: enhancement (New feature or request)