Facebook and CAPS-LOCK: Unexpectedly Secure (blog.agilebits.com)

10 points by pwenzel ↗ HN
If your Facebook password is PattyAndMolly, Facebook will also accept pATTYaNDmOLLY as a valid password. This may initially seems look something that weakens users’ security. However, Jeff explains that it has the opposite effect, noting a few downsides as well.

3 comments

[ 5.7 ms ] story [ 21.4 ms ] thread
Obviously written by someone that doesn't think like a hacker.

"We can see that in this case, the Caps-Lock transformation doesn’t weaken security."

... No. It's half as hard to crack as one that doesn't try 2 passwords on every attempt. Sure, the password cracking program would have to be updated to take advantage of that, but if you think the good ones aren't custom, you're sadly mistaken.

I think the article's point is that Facebook's throttling measures are sufficient to thwart attacks.

Whether or not that's true is obviously up for debate.

They may have started on that track, but then they started trying to argue with security professionals that this tactic is just as secure. And it's not. They cannot win that argument.