Day 17/100 of #100DaysOfCode: Security Insights
Today I learned why login systems often return a generic “invalid credentials” message instead of specifying whether it’s the username or password that’s wrong.
The reason? Security.
By keeping error messages vague, developers reduce the risk of brute-force attacks where bad actors could systematically guess usernames or passwords. If the system revealed which field was incorrect, it could make their job easier.
It’s a reminder that sometimes user experience is intentionally sacrificed for a higher goal: protecting sensitive data. Balancing convenience and security is always a challenge in software design!
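
The difference in code, added here as an example and not code from the original post: `login_verbose` reports which field was wrong, while `login_generic` returns one message for every failure. It goes slightly beyond the post by also hashing against a dummy record for unknown usernames, so response time does not reveal what the message hides; the user store, names and passwords are constructed.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid credentials"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample user store (hypothetical names and passwords).
USERS = {"alice": make_user("correct horse battery staple")}
# Dummy record so an unknown username still costs one hash computation.
_DUMMY = make_user("dummy-password-never-matches")

def login_verbose(username: str, password: str) -> tuple[bool, str]:
    """The 'before': the message says which field was wrong."""
    if username not in USERS:
        return False, "Unknown username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Wrong password"
    return True, "Welcome"

def login_generic(username: str, password: str) -> tuple[bool, str]:
    """The 'after': one message for every failure."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # Require a real account as well, so the dummy record can never log in.
    if username in USERS and matches:
        return True, "Welcome"
    return False, GENERIC_ERROR

def distinguishable(login) -> bool:
    """True if an unknown user and a wrong password get different messages."""
    _, unknown_user = login("mallory", "guess")
    _, wrong_password = login("alice", "guess")
    return unknown_user != wrong_password

if __name__ == "__main__":
    print("verbose reveals valid usernames:", distinguishable(login_verbose))
    print("generic reveals valid usernames:", distinguishable(login_generic))
```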
