Whatever you do, DON'T follow this advice. It's utterly wrong.
Here's the professional way to do this:
"An application should respond with a generic error message regardless of whether the user ID or password was incorrect. It should also give no indication to the status of an existing account."
Bare in mind that particular advice is from a group expressly interested in security. The article is talking about usability. There is often a balance to be struck.
Your reply made me smile. You're quite right, but only up to a point. An emphasis on security that compromises usability can backfire and start to make things less secure.
For example, enforcing a 32 character passphrase with at least 1 non-alphanumeric character would be incredibly secure, but users will start writing down their password on post-its near their terminals, and suddenly all that 'security' evaporates because you've introduced an artificial weak link.
In a small way better usability enhances security by making the user less likely to get things wrong.
Here's the professional way to do this:
"An application should respond with a generic error message regardless of whether the user ID or password was incorrect. It should also give no indication to the status of an existing account."
https://www.owasp.org/index.php/Authentication_Cheat_Sheet