From 910340a98b0eaa859a449411646b13aebff3895c Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Tue, 18 Nov 2025 13:19:11 +0000
Subject: [PATCH] Update wording

---
 data/api/client-server/login.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/api/client-server/login.yaml b/data/api/client-server/login.yaml
index 95d24ad8..3295a046 100644
--- a/data/api/client-server/login.yaml
+++ b/data/api/client-server/login.yaml
@@ -262,8 +262,8 @@ paths:
                 or the requested device ID is the same as a cross-signing key
                 ID.
               * `M_USER_DEACTIVATED`: The user has been deactivated.
-                Note that servers MAY choose not to use this error code and instead use `M_FORBIDDEN`,
-                particularly when the server can't authenticate the deactivated user.
+                Servers MAY instead use `M_FORBIDDEN` when they can no longer authenticate
+                the deactivated user (i.e. their password has been wiped).
           content:
             application/json:
               schema: