== Recommended Secure Coding Practices

When a user performs a request involving a username, it should not be possible to spot differences between a valid and incorrect username:

* Error messages should be generic and not disclose if the username is valid or not.
* The response time must be similar for a valid username or not.
* CAPTCHA and other rate limiting solutions should be implemented.