Even if 80% of users don't use capitals in their passwords, the 20% who want that added security don't get it. Even if you believe this made-up statistic due to your condescending attitude towards "normal" users, the password should be case sensitive.
A (very stupid) alternative would be to notify the users that their password isn't case sensitive so that those who mind can use a more secure password.
The argument that "most" users won't be affected is absolutely negated by the fact that some are.
Blizzard takes a lot of steps to ensure your password can't be bruteforced. Even with the (imho unnecessary) limit of 16 chars on the password, you can have all the security you could need, and then some. On top of that, you can get two-factor auth for free in most cases. The "added security" that those people want is in practice not significant at all, and Blizzard had other priorities driving their choices.
If I had to make an auth system I'd probably still opt for case sensitivity, no length limits, and other such best crypto practices, simply because that's the path of least resistance. But my biggest security concerns would be elsewhere.
If you care about the security of your account at all, you should be using an authenticator, and even with a poor password proper two-factor authentication is far more secure than even the best password.
Even if 80% of users don't use capitals in their passwords, the 20% who want that added security don't get it. Even if you believe this made-up statistic due to your condescending attitude towards "normal" users, the password should be case sensitive.
A (very stupid) alternative would be to notify the users that their password isn't case sensitive so that those who mind can use a more secure password.
The argument that "most" users won't be affected is absolutely negated by the fact that some are.