Does facebook store multiple password hashes for each user?
- by loxxy
I noticed that Facebook allows multiple variants of my own password :
My password as it is.
My password with first letter capitalized.
My password with all letters capitalized.
It is commonly known that passwords are stored as hashes. So my question is, does facebook store multiple hashes for each user? Since the hash of each variant should be completely different... Or am I missing something, here?
And there may be more combinations, besides the one I observed as well.
This is obviously done to provide a better user experience & they probably have a statistical explanation of people repeating these mistakes. But I could not help but wonder, is it worth to increase so many lookups (in their database) just to help the user type a wrong password?
On top of this, they warn about the caps lock (even though they don't seem to care) :