The thing is, you are already getting the message. When Wix reports that the password is wrong, or the email is wrong, it is already telling you that it is possible that the user does not exist. The message “the email is wrong”, means that the login does not exist.
What the real issue here is:
-
Wix is telling you that something failed with the authentication. It can be an invalid userid (email), or the password was truly not typed in correctly.
-
Wix is on purpose, not telling you that the userid does not exist. It is being vague for a reason.
If I wear a hacker’s hat and am trying to break into your website, the first thing I need is a valid email which is the userid. If I know the email is valid, I would just need to concentrate on breaking the password,
If Wix, gave me a message that the “email was invalid”, then I would know that I didn’t have a correct userid, and would then try another. I could keep trying until I get a valid one.
What Wix does is smarter. It says, well, either the userid is wrong or the password is wrong. This leave me guessing as which one Wix means.
B;y being purposely vague about what caused the authentication error, makes it more challenging for me the hacker, to try and break in. This is a good thing that Wix does.
Therefore, you don’t want to pop a message saying just that the email is wrong (which means the userid is wrong), because your letting out the secret that the userid is wrong.
I think a better response (popup) would be something like:
“Sorry but either your email is wrong or your password is wrong. If you have not logged in before please select create a new user.”
This lets the user know what they need to do, but doesn’t reveal if the userid exists or not.
Therefore is not a good idea to tell the user the email (userid) is wrong by itself.