One common place of friction is with log in screens. While you should absolutely use guest checkout whenever possible to reduce the need to sign in, it's inevitable that existing customers who want to track orders, view wishlists, write product reviews and participate in your user community will face the dreaded log in box. And unless they have the memory of an elephant, they've got a good chance of forgetting the username/password combination (especially if you're a stickler for strong passwords, requiring numbers or other special characters).
The worst practice is to tell the user their login information is "invalid."
Equally bad is to say the login "didn't work." Sounds like a system problem rather than an input error.
Better is to explain that the address entered does not match account records. This way, the customer understands it's not that the system doesn't believe the email address itself doesn't exist, rather that it was not the email address the customer signed up with.
Target goes the extra mile to provide inline feedback and a detailed explanation of how the user can remedy the situation, including checking out with their Amazon account instead. (Problem is, folks don't remember their Amazon account info either!)
Bad practice is to use red notification text, but to make it really small, or to camouflage it below the login box:
Can you read this?
Login screens are not the only place your visitors may be experiencing frustrating errors. Make sure you explain what the CVV is if you use ask for it, and explaining what format you require for telephone numbers, postal codes and password creation.
Your web analytics will show you which pages have high exit rates. Examine top exit pages that have input fields that may require tweaking.