

Ask HN: Facebook password behaviour: glitch or a feature? - Techasura

Recently I found that Facebook's login methods have changed.
I will try to explain with an example.
Let's say you have your password to be "XYZabc123".
Now, try to log in with a slight change in the password, that is, "xyzABC123".
To be more clear, change all the capital letters in your current password to small letters and vice versa. You can still log in. I don't know if this is just an added feature or a glitch.
I have never come across this kind of situation, at least not on any other site so far.
Or is it happening only to me?
======
riffraff
It is by design: Facebook stores three versions of your password, and allows
you to log in with samecase, oppositecase (i.e. you forgot caps lock) and
first-letter-upcase (because some mobile stuff does that automatically).

There was an article somewhere but I can't find it at the moment.

~~~
Techasura
Wow.. this is interesting. But wouldn't this open doors for hackers?

~~~
replax
Well, while it makes a brute-force attack somewhat easier, it is still
certainly not easy. While I haven't tried it, I suppose Facebook has some
strong brute-force prevention methods (rate limiting, for instance, captchas
etc).

Most Facebook accounts get compromised through social engineering /
keyloggers. And that risk is not increased by Facebook's login implementation.
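
Added example, not part of the thread and not Facebook's code: a sketch of how a login check can accept the three variants riffraff lists. It assumes a design that stores one salted hash of the exact password and derives the corrected candidates from the typed input (rather than storing three versions); PBKDF2 and its iteration count, and the function names, are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str):
    """Return (salt, digest) for storage; only the exact password is hashed."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


def candidates(typed: str):
    """Typed input plus the two corrections named in the thread, deduplicated."""
    out = [typed]
    swapped = typed.swapcase()                   # caps lock was left on
    first_lower = typed[:1].lower() + typed[1:]  # mobile auto-capitalised char 1
    for c in (swapped, first_lower):
        if c not in out:
            out.append(c)
    return out


def verify(typed: str, salt: bytes, stored: bytes) -> bool:
    """Accept if any candidate hashes to the stored digest."""
    ok = False
    for c in candidates(typed):
        # Constant-time compare, no early exit: every candidate is hashed.
        ok |= hmac.compare_digest(_kdf(c, salt), stored)
    return ok


if __name__ == "__main__":
    salt, stored = hash_password("XYZabc123")  # constructed sample password
    print(verify("xyzABC123", salt, stored))   # opposite case is accepted
    print(verify("xyzabc123", salt, stored))   # arbitrary case change is not
```

Each login attempt covers at most three strings, so the scheme costs a guessing attacker at most log2(3), about 1.6 bits, of password entropy; all-lowercase or mixed-case guesses that are not one of the three transforms still fail.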

