Error Message Text - Best Practices

Question

We are changing some of the text for our old, badly written error messages. What are some resources for best practices on writing good error messages (specifically for Wind

Answer 1

For security reasons, don't provide internal system information that the user does not need.
Trivial example: when failing to login, don't tell the user if the username is wrong or the password is wrong; this will only help the attacker to brute force the system. Instead, just say "Username/Password combination is invalid" or something like that.