I mis-typed my password while logging in and received the following error:
"The password you entered was incorrect. Remember that passwords are case sensitive."
This tells an attacker that the user name is correct. So they have half of the equation. Can someone change the error message to something more generic?