**As** an OpenProject user
**I want to** get an error message which doesn't tell me "your account is locked" or "you tried a wrong username/password multiple times" although this is not true when I enter a wrong username or password
**so that** I don't get confused.

**Acceptance criteria**

* Begin of the insertionSplit error message in two cases:
* End of the insertion Change error message Begin of the insertionfor failed login attempt: "Invalid user name or password entered. Please try again or use the link 'Forgot your password?'"
End of the insertion Begin of the deletion

**To be discussed**

End of the deletion * Begin of the insertionIf possible, link text "Forgot your password?" toEnd of the insertion Begin of the deletion ShouldEnd of the deletion the Begin of the insertionpassword reset screen (/account/lost\_password)
* Additional error message when the user is blocked: "User accountEnd of the insertion Begin of the deletion two cases ("wrong username/password" and "accountEnd of the deletion locked Begin of the insertiontemporarilyEnd of the insertion due to multiple Begin of the insertionfailed login attempts. It willEnd of the insertion Begin of the deletion faulty insertions")End of the deletion be Begin of the insertionunlocked automatically in a short time. Alternatively, please contact your adminEnd of the insertion Begin of the deletion differentiated and leadEnd of the deletion to Begin of the insertionbe unlocked."

**To be discussed**

* Verify that these two cases do not pose an additional security risk.End of the insertion Begin of the deletion different behaviors (e.g. different error messages)?End of the deletion

### Current situation

<figure class="image op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/20367/content"></div></figure>