Hacker News new | past | comments | ask | show | jobs | submit login
FaceBook's login hack for people who leave CAPS LOCK on. (reddit.com)
10 points by woodall on Sept 14, 2011 | hide | past | favorite | 9 comments



This reminds me of the old UNIX login hack. Because some terminals did not have lowercase capabilities, older versions of login would lowercase everything (including to the shell after login) if you typed your username in all caps. This wouldn't work if you had any capital letters in your password, but that was unlikely in the 1970s anyway.


The only caveat with this is that it makes the "# of password retries allowed" number kind of fuzzy. An attackers gets two or three tries behind the scenes for every one they try. Like if they figure you used your cat's name, they get to try "FLUFFY" and "fluffy" and possibly "Fluffy" all at once.


If I recall correctly, OS X doesn't do the "Caps-Lock + Shift = lowercase" thing that Windows does. So if you have caps-lock on, every letter will be capitalized regardless of holding shift.

Does that allow you to log-in with this 'hack'? It wouldn't produce the "opposite caps state" string that Windows creates.


This must be intentional. I can see how it makes sense, but IIRC there is a way to detect whether a user has caps lock on using JS, so that might be a better way forward.

Either way, it's not a ton of use unless you know the person's password in the first place.


There's no way to detect if the user's caps lock is turned on in JS


Am mobile so can't check if it still does, but Apple's me.com login page used to inform you if caps lock was on, using the method in the article linked to from sibling comment's StackOverflow link:

http://dougalmatthews.com/articles/2008/jul/2/javascript-det...


http://stackoverflow.com/questions/348792/how-do-you-tell-if...

Are you sure?

The JS event receiving an upper case letter without also receiving the shift keycode would be a pretty good indicator, I would have thought.


ah, clever… I was thinking detection before the user types anything.


Not really a hack, but a nifty UX feature.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: