

Google password ignores case for first character on mobile - geobio

THIS ONLY WORKS ON YOUR PHONE, not in computer version of chrome<p>go to accounts.google.com (or gmail.com, etc) and type in your username and password, but change the case (aka caps&#x2F;not-capitalized) of the first character, and see that you&#x27;re still able to log in! this only happens for the first character, and im guessing it&#x27;s because phones often change the case (eg, auto-capitalize) of the first character<p>again, this does not work on regular desktop web
======
dkokelley
Facebook did something similar. If I recall correctly, the case could be
entirely inverted (caps lock key was on) and you could still log in. I believe
they did this by storing 3 versions of your password hash (initial case,
inverted case, and original case), and the permitting sign in if your
submitted password hash matched any one of them.

Edit: I found the source for this.
[http://www.zdnet.com/blog/facebook/facebook-passwords-are-
no...](http://www.zdnet.com/blog/facebook/facebook-passwords-are-not-case-
sensitive-update/3612)

------
iancarroll
You probably could have reported this, but my gut tells me it's to protect
against stupid users.

~~~
frou_dh
It's hardly stupidity, just an unfortunate clash of usability.

