It would be much better from a security perspective if you won't show if a username doesn't exist. By confirming that an account does not exist, it is implied that when the message is not shown the account, does exist. This creates opportunities for hackers to brute force and find all possible e-mail-addresses that exist on the Zoho servers.

It is unnecessary to show if an account exists or not. Just show a message; unknown e-mail address and/or password like all other main websites do.. for a good reason.

Thank you,

Mark