Hey there,
just wanted to reset my password and I saw this message (red part added by me):
This is bad practice, because you are giving away information for free about who is registered in this forum, without authenticating in any way.
The best practice is to just write “if you have an account here, you will get an email now”. There is no reason to give away this information in the first place, because the user will see within a few seconds if he has an account, when he looks into his emails.
Even companies that are not related to security are following this practice, so I think Bitwarden should implement this security feature asap.
I would love to get a response here from someone who is working on the forum or can forward this.
Thanks and keep up the good work, Bitwarden is awesome.
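
The behaviour described in the post next to the uniform-reply alternative it asks for, as an added example that is not part of the original post and is not the forum's or Bitwarden's code. `ResetService`, `reset_enumerating`, `responses_differ`, the in-memory stores and the sample addresses are all hypothetical and constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data: the only registered address on this hypothetical forum.
REGISTERED = {"alice@example.com"}

GENERIC_MESSAGE = "If you have an account here, you will get an email now."


def reset_enumerating(email: str) -> str:
    """The behaviour the post objects to: the reply depends on registration."""
    if email.strip().lower() in REGISTERED:
        return "We sent a reset link to your address."
    return "No account found for that address."


class ResetService:
    """Hypothetical handler that returns one reply for every address."""

    def __init__(self, users):
        self.users = {u.lower() for u in users}
        self.outbox = []   # stand-in for a mail queue drained by a worker
        self.tokens = {}   # sha256(token) -> email; the raw token is never stored

    def request_reset(self, email: str) -> str:
        normalized = email.strip().lower()
        if normalized in self.users:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = normalized
            # Queue the mail instead of sending inline, so the response time
            # of the two branches stays close as well as the response body.
            self.outbox.append((normalized, token))
        # Same body for registered and unregistered addresses.
        return GENERIC_MESSAGE


def responses_differ(handler, known: str, unknown: str) -> bool:
    """Regression check: True means the endpoint reveals who is registered."""
    return handler(known) != handler(unknown)
```

A check like `responses_differ` can sit in the test suite of the reset endpoint so that a later wording change does not bring the distinguishable reply back.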