This issue has become a feature request for a new setting to be added that allows enabling better privacy on login/password reset forms. This will mean those who prefer usernames/email addresses not be revealed can enable that setting, and those who prefer the better UX of knowing what incorrect information was submitted to these forms can leave it disabled.
If I enter my username in the Reset Password form (/user/password) and submit, I see this message:
Further instructions have been sent to your e-mail address.
If I enter a made-up username in the same form and submit, I get this:
Sorry, [made-up username] is not recognized as a user name or an e-mail address.
This basically tells people whether or not a given username or email address is in use on the site. I see this as a (low) security issue and possible privacy issue.
I recommend instead giving something like the following message (like I've seen on other sites) whether a valid or invalid username/email address was entered:
If a matching account was found, further instructions have been sent to that account's e-mail address.
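The setting requested above, sketched as an added example; it is not Backdrop code and not from the issue's author. The `hide_account_existence` flag, the function names and the sample accounts are assumptions made for illustration, and the message strings are the ones quoted in the issue.

```python
# Added illustration, not Backdrop code. All function and setting names are hypothetical.

GENERIC = ("If a matching account was found, further instructions have been "
           "sent to that account's e-mail address.")
SENT = "Further instructions have been sent to your e-mail address."
UNKNOWN = "Sorry, {name} is not recognized as a user name or an e-mail address."

# Constructed sample accounts: user name -> e-mail address.
ACCOUNTS = {"alice": "alice@example.com", "bob": "bob@example.com"}


def find_account(identifier):
    """Match on user name or e-mail address, since the form accepts either."""
    needle = identifier.strip().lower()
    for name, mail in ACCOUNTS.items():
        if needle in (name, mail):
            return name
    return None


def request_reset(identifier, hide_account_existence, outbox):
    """Handle one submission; return (is_error, message shown to the visitor)."""
    account = find_account(identifier)
    if account is not None:
        outbox.append(ACCOUNTS[account])  # stand-in for sending the reset e-mail
    if hide_account_existence:
        # Privacy setting on: same status and same text for both outcomes.
        return (False, GENERIC)
    if account is None:
        # Setting off: current behaviour, which names the unrecognized value.
        return (True, UNKNOWN.format(name=identifier))
    return (False, SENT)


def reveals_account_existence(hide_account_existence):
    """Regression check: do a known and an unknown identifier get different responses?"""
    known = request_reset("alice", hide_account_existence, [])
    unknown = request_reset("no-such-user", hide_account_existence, [])
    return known != unknown
```

With the setting off, `reveals_account_existence` returns `True`, which is the behaviour reported here; with it on, the two responses are identical while the e-mail is still sent only for a real account.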