I'd bet that some sites had their DB leaked/hacked, and just marked all the current passwords invalid to force a reset. Hopefully, it wast just the hashes that were leaked...

Oh ye that is a good theory.

Just a few hours ago a pretty well-known site was telling me my password was wrong. The same one I'd copy pasted and logged in with for years from my password manager, including as recently as within the past 24h. I tried their app and it logged me in just fine. This wasn't the first time I'd had such issues with the site. Why do these happen? No idea, they must just hate me.

I had this with Duolingo. Their login fails if the browser can’t connect to recaptcha.net. But it just shows a generic “incorrect username/password” message.

In my case I'm pretty darn sure it's something on their backend. Some race condition or lock or something that prevents login while stuff is being updated. The most frustrating part is the gaslighting, not the failure.

Or it could be bad UX, displaying the same error message for two different errors.

(Not saying that simplifying several errors into one message is always bad. I think it's reasonable to just return a 500 without any info for everything that's caused by an unexpected exception on the backend.)

Or a backend cache miss

Ah, this is a good debug. I wonder how many times this is silently happening on other sites?

Very common, the first thing I check when this kind of error pops up.

Well I am glad I am not alone. It is a strange feeling to know you are right and the computer saying no making you doubt yourself. Like, my first reaction is usually to write the password in clear text and copy pasting it to rule out keyboard issues ...

I swear to god I regularly have to change passwords I just set a few days ago, and/or saved to an external password manager. Yes, some incidents are probably me messing up somehow, but it seems to happen way too frequently even assuming I'm an idiot.

Most recent was setting a password for Rakuten Bank, saving it to my browser password manager, saving it to an offline password manager, and then two days later attempting to login and being told my password has too many characters. What.

I experienced this with Spotify multiple times.

That’s how I lost my Hotmail account.

They emailed you the password reset link?

well I am definitely to blame though it still makes me sour. When I created the account it was a time when the issue of corporations abusing your information was a hot topic. So when I created the account I was in the mindset that I should not give all my information to any company so I made up my details. So I did not have a real name it was obviously fake and I used a fake birthday. I had all this information but I strongly believe they realized my name was a fake and cut me off. I tried to do the reset link but it never worked. Still to this day I get the occasion email from that account as I did set it up to forward to my gmail. Just yesterday I got an email about verifying my insticart account and it was not me. I am still bothered years later that I was logged out and my password that I am sure i knew did not work. I feel like they forced me to try a reset and when I did it failed. That was my first email. I wish I could get back in. I screwed up with the fake info. I was young. I have given up and don't think there is a fix at this time, it has been years. I have grieved and moved on.