Tuesday 29 May 2012

Accessing the Facebook account using 3 different Passwords

Facebook account can be accessed using 3 different passwords. Shocking?? But don't worry, its real and interesting too. You will be very eager to know that how does it work. Any other online account allows you to access it using only a single password per user-id. But Facebook allows 3 variants of your password per account.  Let us know about the surprising fact.. 

Facebook accepts the following variants of passwords:

1. Let us assume that your Facebook password is myNewAccountPassword. So that's the FIRST type of password. 

2. The second type is the CASE TOGGLED (reversed) Password. 
In the above password, the letters N, A & P are in the uppercase and the rest  of all the passwords are in the lowercase. Now the little bit change in the password can be done by TOGGLING the above password, i.e  UPPERCASE letters are converted into lowercase and vice versa and the new Facebook password will become 

MYnEWaCCOUNTpASSWORD


Now the facebook welcomes you if you use the above toggled password. 

3. The third type is the password with the FIRST LETTER CAPATALIZED.
If your password contains the 1st letter in lowercase, it can be converted into the UPPERCASE. i.e the original password mentioned above will become MyNewAccountPassword. This also works well with any Facebook account. 

NOTE: This option works only for the mobile users.

Now the question that would be arising in your minds would be "Why does Facebook allow 3 different forms of password for a single account?" And you may be very curious to know the answer for the same. 
You may also think that "This would be the Facebook bug or a very very serious vulnerability." But it is not the thing.

Most of the times the Authenticated Logins are rejected is when CAPS LOCK in ON. This converts the lowercase into uppercase and vice versa. This is where the TOGGLED password used in Facebook. Facebook allows us to enter the TOGGLED password by understanding that caps lock may have been enabled accidentally. Thus TOGGLED password still lets you login to your Facebook account. 

For mobile users, it is very common for the 1st letter of the password to be in a uppercase which leads to the failure of the Authenticated login. The another variant of the password sort outs this problem. It accepts the 1st letter to be capital and rest of them as it is. 

Hence generating and applying 3 different variants of password.  



2 comments:

Note: only a member of this blog may post a comment.