Does facebook store multiple password hashes for each user?

Posted by loxxy on Programmers See other posts from Programmers or by loxxy
Published on 2013-11-10T14:32:06Z Indexed on 2013/11/10 16:11 UTC
Read the original article Hit count: 187

Filed under:
|
|
|

I noticed that Facebook allows multiple variants of my own password :

  • My password as it is.
  • My password with first letter capitalized.
  • My password with all letters capitalized.

It is commonly known that passwords are stored as hashes. So my question is, does facebook store multiple hashes for each user? Since the hash of each variant should be completely different... Or am I missing something, here?

And there may be more combinations, besides the one I observed as well.

This is obviously done to provide a better user experience & they probably have a statistical explanation of people repeating these mistakes. But I could not help but wonder, is it worth to increase so many lookups (in their database) just to help the user type a wrong password?

On top of this, they warn about the caps lock (even though they don't seem to care) : enter image description here

© Programmers or respective owner

Related posts about database

Related posts about security