by bttrfl 1818 days ago
I run a company offering form analytics [0] so I have seen plenty of real data on how people use forms. One stupid issue I've seen over and over again is a lack of trimming of email/username/password strings, say:

'john@doe.com '

resulting in errors like 'invalid email'. Since whitespaces are invisible to users, they can't figure out what's wrong.

[0] https://www.useitbetter.com/features/form-analytics/

One thing I read (and checked, this was in the past) Facebook did was even do simple whitespace stripping on passwords, as well as checking with caps-lock switched on.

While it technically might make passwords very slightly less secure, it makes life much easier for users, so I personally think it's worth the cost.

See "pASSWORD tYPOS and How to Correct Them Securely" by Dropbox: https://ieeexplore.ieee.org/abstract/document/7546536

We also implemented it at Pinterest. I think it's a pretty good idea for a few common cases, especially for users typing their password on mobile.

Before doing this though, you want to make sure you have rate limits in place against brute force password checks for account takeover.
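The login-time typo tolerance the comments above describe (trailing whitespace, caps lock), as an added example that is not code from this thread, from the Dropbox paper, or from Facebook/Pinterest. The stored hash is never normalised; the server simply tries a small, fixed set of corrections against it. PBKDF2 and the corrector set are assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Callable, List, Optional, Tuple

# Example parameter, not taken from the thread.
PBKDF2_ITERATIONS = 50_000

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash the password exactly as typed at enrolment; nothing is stripped
    or case-folded, so the stored hash is as strong as it would be otherwise."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_exact(candidate: str, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored)

# Assumed corrector set, tried in order. "as-typed" first means an exact
# string from a password manager still matches on the first attempt.
CORRECTORS: List[Tuple[str, Callable[[str], str]]] = [
    ("as-typed", lambda s: s),
    ("trim-whitespace", lambda s: s.strip()),
    ("caps-lock", lambda s: s.swapcase()),
    ("trim+caps-lock", lambda s: s.strip().swapcase()),
]

def verify_tolerant(typed: str, salt: bytes, stored: bytes) -> Optional[str]:
    """Return the name of the corrector that matched, or None.

    Every distinct candidate costs one full PBKDF2 computation and gives an
    online guesser up to len(CORRECTORS) passwords per attempt (at most
    log2(4) = 2 bits here), which is why per-account rate limiting must be in
    place before this is enabled."""
    tried = set()
    for name, fix in CORRECTORS:
        candidate = fix(typed)
        if candidate in tried:  # e.g. nothing to trim: skip the duplicate hash
            continue
        tried.add(candidate)
        if verify_exact(candidate, salt, stored):
            return name
    return None
```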

Wouldn't that interfere with a password manager that auto-saves?
no

basically the hashing algorithm they use strips out certain information, which means that e.g.

"PaSSWord123" "pAsswORD123" "PaSSWord123 " etc

all hash to the same value, and so are equivalent.

>> "PaSSWord123" "pAsswORD123"

Wow - non-case-sensitive passwords seem like a bad idea...

No, it's still case sensitive; you can just flip all the characters' case. You are only losing "one bit" of password information.
> it's still case sensitive, you can just flip all the characters' case.

How is "flipping all the characters' case" different from case-insensitive?

Pretty sure they don't do that for authentication.