Data validation – Positioning

I have discovered that users have difficulty logging into our site due to data validation.

Currently, the system has this logic:

  • Email / ID error = display error
  • Incorrect password = display error
  • Email / ID / password error = display error

This error is the same for all instances and is displayed below the email entry box, regardless of what is causing the error.

My question isShould I divide the error box to say "Incorrect password" and show it below the password entered in the instance in which the user entered the wrong password (to make it clear that this is what the user should correct before continuing) ?

I had a secondary thought that was if someone is trying to log into another person's account, they would have confirmation that the email they guessed is correct, but the password is incorrect or vice versa.

Do the positive aspects of solving the user's struggle overcome the potential problems related to fraudulent behavior?

(Basically, ask the question as I predict what interested parties will do!)