LukeW August 22nd, 2011 1:57 pm @Ian what information? Your name or usaernme? Cause that's what Facebook, Google+, Gowalla, Quora, Twitter, Bagcheck, etc, etc do. They have PUBLIC profile pages. You can choose what you show on these pages but joining the service creates a public page for you. That's what happens when you sign up (which is your choice). @Kevin that's still a good best practice but in the case of a service like Twitter (or any service with public user names that allows you to log in with usaernme & password), it's a moot point. Anyone can see there is an account with the usaernme by searching, browsing, etc. on the site. So the only part that's unknown is the password.Same thing is true for Facebook. Type an email address into the search field at the top of any Facebook page and you will find the user with that email address on the site.Just between the Twitter (200M accounts) and Facebook (750M accounts) examples, there's 950 million accounts in this insecure state you are concerned about.I'm NOT saying public profile pages are for every site on the Internet. But for the sites that have them they already have the level of insecurity you are describing. It is NOT an artifact of any of these log in page designs.Hope that clarifies things?