So i have a password reset page… i put in a random username which does not exist in the system, it tells me thanks and instructions on reseting your email have been sent to your email address.
Can it not recognise that the username doesn't exist and can it not tell the user that they need to register instead? 
For security, we never reveal if a username exists either here or during login. Knowing a valid username is half the battle when trying to gain access to a system you are not allowed into and comes up often in security audits of systems. So no functionality currently exists to do this.
Oh i see ok that's a good point i did not think off :rolleyes: