Client wanted to add "password usability" features such as:

Password1 === pASSWORD1

Him: Facebook and Google do it
Me: You're not Facebook or Google
Him: Well sure, not without this feature
Me: 🤔

I thought that looked interesting and tried googling it/logging in like that, is your client just asking for passwords to not be case sensitive? It wouldn't let me log in like that.

@Rudi9719 not exactly, "case-opposite" I suppose:

Password1 === pASSWORD1
Password1 !== passWORD1
Password1 !== pASSWORD!

Among other features (time based, previous pass related, etc..)

@Rudi9719 Oh and also idk if Google/Facebook does case insensitive but Google sure do some weird stuff will previous pass and multi account.

So this 'feature' is just for folks who accidentally leave caps lock on when they type?

@thejohnhoffer yeah, which I think is best solved by showing "caps lock is on" or similar symbol

..wait, can JavaScript even tell if caps lock is on?

@brod yeah you can.... Ish.... But they have to start typing first ... Let me know if you ever find a better way!

Also how do you compare passwor case(ness) if it's not stored in plain text(I hope) ?

@skonteam I had the same thought, but you can just modify the password submitted at login 😉

..not that I'm going to.

Facebook only accept first letter to be lower case or upper case right ?, ( Reason for that is on most mobile keyboards a new word starts with an upper case letter, so if the whole password is lower case user could get confused )

I think they save it as it is when signing up ( encrypted of cause )

And upon login they take your password, make two versions of it ( strip first letter And turn it upper case and lower case ) then cross check it with your password in the database

Not sure how performance consuming that is cause to check like that there has to be a custom hash or something, just my idea

Are you kidding me?

@skonteam you could save the password twice, once normal and once case-inverted or retry and invert case if the password is wrong.