HACKER Q&A
📣 ciccionamente

Why does Facebook allow me to log in with a wrong password?


I don’t know why this is happening, but I can log in to my Facebook account even if I add just one random character either at the beginning or at the end of my password. For instance, I can log in if I type 1MYPASSWORD or MYPASSWORD1, where 1 is the additional random character I added.

This doesn’t happen when the cache and cookies are cleared (I get the classic wrong password error message).

Is this something to worry about? Does this happen to you as well?


  👤 dave4420 Accepted Answer ✓
FB think you should be able to log in even if you made a silly typo in your password. Historically, they let you log in even if you unknowingly had caps lock on, or had the first character wrongly capitalised.

Maybe they’re stricter on this sort of thing if they think you haven’t signed in from the machine you’re on before. (Would explain the cookie thing.)


👤 NavinF
FB has been doing this for years: https://security.stackexchange.com/questions/214814/why-can-...

Hashing multiple variations of your password every time you log in will burn a couple of bits of entropy, but realistically if you're not using randomly generated passwords stored in a password manager you never had much security to begin with. They're just automating something that humans do manually.
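The behaviour discussed in this thread, as an added sketch that is not part of any post and is not Facebook's code: the server stores one hash of the real password and, on login, hashes a few "un-typo'd" versions of whatever was submitted. The function names, the PBKDF2 parameters, and the rule that variants are only tried on a recognised device (the guess made in the accepted answer) are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for this demo, not a recommendation


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def candidate_corrections(submitted: str) -> list[str]:
    """Strings the user may have meant, covering the typos named in the thread."""
    raw = [
        submitted,                                  # exact entry, always tried
        submitted.swapcase(),                       # caps lock was on
        submitted[:1].swapcase() + submitted[1:],   # first character's case flipped
        submitted[1:],                              # stray extra character at the start
        submitted[:-1],                             # stray extra character at the end
    ]
    unique = []
    for candidate in raw:  # de-duplicate, keep order, drop empty strings
        if candidate and candidate not in unique:
            unique.append(candidate)
    return unique


def verify(submitted: str, salt: bytes, stored_hash: bytes, trusted_device: bool) -> bool:
    # Assumption taken from the accepted answer: tolerance applies only when the
    # device is recognised (e.g. it presents a known cookie); otherwise exact match.
    candidates = candidate_corrections(submitted) if trusted_device else [submitted]
    matched = False
    for candidate in candidates:
        # Every candidate is hashed (no early exit) and compared in constant time.
        matched |= hmac.compare_digest(hash_password(candidate, salt), stored_hash)
    return matched


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password("MYPASSWORD", salt)  # constructed sample, as in the question
    for attempt in ("MYPASSWORD", "1MYPASSWORD", "MYPASSWORD1", "mypassword", "MYPASSWORD12"):
        print(attempt, verify(attempt, salt, stored, True), verify(attempt, salt, stored, False))
```

Only the submitted string is transformed, so the plaintext password is never stored. Each login attempt covers at most five candidate strings, so an online guesser gains at most log2(5) ≈ 2.3 bits per guess, in line with the "couple of bits" estimate above.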