Client wanted to add "password usability" features such as:

Password1 === pASSWORD1

Him: Facebook and Google do it
Me: You're not Facebook or Google
Him: Well sure, not without this feature
Me: 🤔

  • 2
    I thought that looked interesting and tried googling it/logging in like that, is your client just asking for passwords to not be case sensitive? It wouldn't let me log in like that.
  • 0
    @Rudi9719 not exactly, "case-opposite" I suppose:

    Password1 === pASSWORD1
    Password1 !== passWORD1
    Password1 !== pASSWORD!

    Among other features (time based, previous pass related, etc..)
  • 1
    @Rudi9719 Oh and also idk if Google/Facebook does case insensitive but Google sure do some weird stuff will previous pass and multi account.
  • 4
    So this 'feature' is just for folks who accidentally leave caps lock on when they type?
  • 6
    @thejohnhoffer yeah, which I think is best solved by showing "caps lock is on" or similar symbol

    ..wait, can JavaScript even tell if caps lock is on?
  • 2
    @brod yeah you can.... Ish.... But they have to start typing first ... Let me know if you ever find a better way!
  • 1
    Also how do you compare passwor case(ness) if it's not stored in plain text(I hope) ?
  • 0
    @skonteam I had the same thought, but you can just modify the password submitted at login 😉

    ..not that I'm going to.
  • 1
    Facebook only accept first letter to be lower case or upper case right ?, ( Reason for that is on most mobile keyboards a new word starts with an upper case letter, so if the whole password is lower case user could get confused )

    I think they save it as it is when signing up ( encrypted of cause )

    And upon login they take your password, make two versions of it ( strip first letter And turn it upper case and lower case ) then cross check it with your password in the database

    Not sure how performance consuming that is cause to check like that there has to be a custom hash or something, just my idea
  • 4
    Are you kidding me?
  • 1
    @skonteam you could save the password twice, once normal and once case-inverted or retry and invert case if the password is wrong.
Add Comment