Wednesday, September 14, 2011

Facebook and Amazon are storing variant passwords

Yes, I mean it. The support for the title is below.

Facebook is storing the users' passwords in 3 forms. I've tried this too. You can use any of these to log in to your Facebook account. The forms are:

  1. Original password. (say "passWord123")
  2. First letter capitalized. ("PassWord123")
  3. Reverse of capitalization, i.e., changing the case of all the letters. ("PASSwORD123")

The second type is for mobile devices. The third type is there to help users who have the caps-lock key on, i.e., even if your caps-lock is on, you can get into your Facebook account by entering your password normally. The question here is "Is this a bug?" My answer is "It doesn't matter", because this is purely to facilitate the users. But when it comes to brute-force attacks, this raises the vulnerability level to 3 times.
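One way a login check can accept the three forms listed above, written as an added example and not code from this post or from Facebook. It assumes the server keeps a single salted hash of the original password and normalises the submitted text instead; the function names and the PBKDF2 iteration count are made up for illustration.

```python
import hashlib
import hmac
import os

# Constructed value for this sketch, not taken from the page.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash of the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def enroll(password: str) -> tuple[bytes, bytes]:
    """Keep one salt and one hash, of the original password only."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def candidate_forms(submitted: str) -> list[str]:
    """Strings the submitted text could stand for under the three forms."""
    forms = [
        submitted,                              # 1. typed exactly as enrolled
        submitted[:1].lower() + submitted[1:],  # 2. undo an auto-capitalised first letter
        submitted.swapcase(),                   # 3. undo caps-lock (every letter's case flipped)
    ]
    # Drop duplicates but keep order, e.g. an all-digit input gives one form.
    return list(dict.fromkeys(forms))


def verify(submitted: str, salt: bytes, stored: bytes) -> bool:
    """Accept the login if any candidate form hashes to the stored value."""
    ok = False
    for form in candidate_forms(submitted):
        # Constant-time comparison, and no early exit, so every candidate is hashed.
        ok |= hmac.compare_digest(hash_password(form, salt), stored)
    return ok


if __name__ == "__main__":
    salt, stored = enroll("passWord123")  # constructed sample from the list above
    for attempt in ("passWord123", "PassWord123", "PASSwORD123", "password123"):
        print(attempt, verify(attempt, salt, stored))
```

Each submitted string is checked against up to three candidates, which is why a rate limit or lockout counts attempts per submission rather than per hash comparison.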

Now, coming to Amazon: it uses a similar concept, but not completely like Facebook.

This is the link for the article about this. I didn't try this yet. Please let me know through your valuable comments if anything is wrong.

