The error message on tip 2 might lead to issues with security teams during implementation.

I know it’s there to illustrate a point but usually (in my experience anyways) revealing that an email is registered has led to run-ins with the security as this gives attackers a means to determine they’ve got one part of the information needed to break into an account.