diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 05061543e..e7b7b466e 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -71,9 +71,9 @@ def sign_in():
return redirect(url_for('.two_factor'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(Markup((
- "The username or password you entered is incorrect.
"
- " If you need to, you can reset "
- "your password").format(password_reset=url_for('.forgot_password'))
+ "The email address or password you entered is incorrect."
+ " Forgot your password?"
+ ).format(password_reset=url_for('.forgot_password'))
))
return render_template('views/signin.html', form=form)
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index 33d77a80f..4c504c59f 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -51,7 +51,7 @@ def test_should_return_locked_out_true_when_user_is_locked(app_,
'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
assert resp.status_code == 200
- assert 'The username or password you entered is incorrect' in resp.get_data(as_text=True)
+ assert 'The email address or password you entered is incorrect' in resp.get_data(as_text=True)
def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email_not_found):
@@ -61,7 +61,7 @@ def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email
'email_address': 'notfound@gov.uk',
'password': 'doesNotExist!'})
assert response.status_code == 200
- assert 'The username or password you entered is incorrect' in response.get_data(as_text=True)
+ assert 'The email address or password you entered is incorrect' in response.get_data(as_text=True)
def test_should_return_redirect_when_user_is_pending(app_,