
Why Autocorrect for Passwords Is a Great Idea - valhalla
https://www.technologyreview.com/s/601451/why-autocorrect-for-passwords-is-a-great-idea/
======
nathan_long
Assuming they're right, if you don't store passwords in the clear, you'd have
to build all acceptable variants of a password when you get the original, then
hash and store all of them, then check them all at next login attempt.

If you wanted to add a new kind of "allowable typo" (eg "correct except with
capslock") you'd have to wait until the user next logged in to store that
variant.

------
green_lunch
“Websites should be changing their password policies to make users’ lives
easier. The security degradation is pretty small.”

Security isn't supposed to be convenient. Autocorrecting passwords sounds like
a bad idea all-around and will be exploited.

~~~
valhalla
According to the article, they ran simulations and it only provided a .2%
increase in likelihood of a breach

