I absolutely do. It’s not that the password was wrong. It’s that they wanted to invalidate all existing passwords and make you change it.
The easiest way to do that is for them to force everyone through the “forgot password” workflow. Zero or minimal code changes. They don’t want to make a new, but very similar , “we had a security breach and are requiring you to change your password” workflow. They just don’t care that they’re blaming you for their problem.
I absolutely do. It’s not that the password was wrong. It’s that they wanted to invalidate all existing passwords and make you change it.
The easiest way to do that is for them to force everyone through the “forgot password” workflow. Zero or minimal code changes. They don’t want to make a new, but very similar , “we had a security breach and are requiring you to change your password” workflow. They just don’t care that they’re blaming you for their problem.