When you enter a password to access any kind of service, you'd expect to have to enter it exactly as you've typed it in the first place when registering for it. However, you might be surprised to know that you can access your Facebook account using slightly modified versions of your own password.
For instance, if your Facebook password were "aminhaPASSword", you would be able to log in using either "AminhaPASSword"... or even "AMINHApassWORD"!
But fear not. It's not a flagrant security flaw that allows anyone to access your account using random passwords. Quite the opposite: it's just an extra measure to prevent thousands of users from complaining, every day, about not being able to log in to their Facebook accounts due to very basic mistakes.
If you look closely you'll notice a pattern in these variant passwords:
- One has the upper/lower case of every letter inverted, which is what happens if you leave Caps Lock enabled.
- One has the first letter in upper case, which commonly happens on mobile device keyboards that auto-capitalize the first letter.
[via labnol]
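A sketch of how a server can accept these two variants while storing only a salted hash, added here as an illustration and not Facebook's actual code: the corrections are applied to the string you submit, so every guess is tested as at most three candidates. The function names, the use of PBKDF2 and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def candidates(submitted: str) -> list[str]:
    """The submitted string plus the two corrections described in the post."""
    out = [submitted]
    # Caps Lock left on: every letter arrives with its case inverted.
    out.append(submitted.swapcase())
    # Mobile keyboard auto-capitalised the first character: undo it.
    if submitted[:1].isupper():
        out.append(submitted[:1].lower() + submitted[1:])
    # Drop duplicates (e.g. an all-digit password) while keeping order.
    return list(dict.fromkeys(out))


def verify(submitted: str, salt: bytes, stored: bytes) -> bool:
    """Accept if any candidate hashes to the stored digest."""
    ok = False
    for cand in candidates(submitted):
        # No early exit, so timing does not reveal which variant matched.
        ok |= hmac.compare_digest(hash_password(cand, salt), stored)
    return ok


def register(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for a new account; the password is not kept."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)
```

An all-lowercase or all-uppercase guess is still rejected, because neither correction restores the mixed case of the registered password.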
No matter how they paint it, it's still a security flaw to me. I usually rely on strategically placed upper-cases in my passwords.