Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello I'm using ory elements in my app and want to change an error message on the registration component. When somebody tries to register with an email that has already been used the error messages says the account exists already. This is very bad security and now a hacker can easily see what emails they should try and attack. I know there is an option to provide custom translations, is that how I can change the error message? I cannot find anywhere in the docs that explain how to do this. I'm using kratos and the specific error message is this one:

```  {
    "id": 4000007,
    "text": "An account with the same identifier (email, phone, username, ...) exists already.",
    "type": "error"```
  }
``````

I have also experienced issues with email enumeration. I have not heard back from ory about how to mitigate them, I’d love to hear any solutions you come up with.

Btw there is a new setting in kratos 1.3.1 `security.account_enumeration.mitigate: true` that fixes some, but not all, email enumeration opportunities.

thanks ill check out that setting and see what it does