

Facebook and CAPS-LOCK: Unexpectedly Secure - pwenzel
http://blog.agilebits.com/2011/09/facebook-and-caps-lock-unintuitive-security/
If your Facebook password is PattyAndMolly, Facebook will also accept pATTYaNDmOLLY as a valid password. This may initially seem like something that weakens users’ security. However, Jeff explains that it has the opposite effect, noting a few downsides as well.
======
wccrawford
Obviously written by someone that doesn't think like a hacker.

"We can see that in this case, the Caps-Lock transformation doesn’t weaken
security."

... No. It's half as hard to crack as one that doesn't try 2 passwords on
every attempt. Sure, the password cracking program would have to be updated to
take advantage of that, but if you think the good ones aren't custom, you're
sadly mistaken.

~~~
owenmarshall
I think the article's point is that Facebook's throttling measures are
sufficient to thwart attacks.

Whether or not that's true is obviously up for debate.

~~~
wccrawford
They may have started on that track, but then they started trying to argue
with security professionals that this tactic is just as secure. And it's not.
They cannot win that argument.
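The behaviour described in the submission, combined with the throttling raised in the thread, as an added sketch that is not part of the thread or Facebook's code: each login checks the typed string and its case-inverted form, and the pair counts as one throttled attempt. The `Account` class, PBKDF2 parameters and `MAX_FAILURES` threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed lockout threshold, not Facebook's real value
KDF_ROUNDS = 100_000    # assumed work factor


def _hash(password, salt):
    # PBKDF2 stands in for whatever KDF a real service would use.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ROUNDS)


class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)
        self.failures = 0

    def candidates(self, submitted):
        # The string as typed plus its case-inverted form (what Caps Lock
        # would have produced). Deduplicated, so a password with no
        # letters is hashed only once.
        return list(dict.fromkeys([submitted, submitted.swapcase()]))

    def login(self, submitted):
        # Throttle first: a locked account rejects even the right password.
        if self.failures >= MAX_FAILURES:
            return "locked"
        ok = False
        for cand in self.candidates(submitted):
            # Check every candidate with a constant-time comparison.
            ok |= hmac.compare_digest(_hash(cand, self.salt), self.digest)
        if ok:
            self.failures = 0
            return "ok"
        # One submission is one failure, although two strings were tested.
        self.failures += 1
        return "denied"
```

An all-lowercase guess is still rejected: only the exact password and its full case inversion are accepted, so each throttled attempt covers at most two strings.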

