Facebook will accept slight variations of your password, for your convenience.

And it’s perfectly safe.

Passwords Are Easy To Mistype

Facebook and other sites like it have a problem.


They’d like you to use long and complicated passwords, but those are hard to jot down.

You should be using a password manager to take care of that for you, but most people don’t.

And because of those two factors, it’s common to mistype your password.


At that point what should Facebook do?

If your password is very close to correct, they may count it as accurate.

The rules for this are straightforward.


For example, let’s say your password is “letMeIn.”

This Process is Still Secure

At first blush, Facebook’s password lenience sounds insecure.

But in this case, the truth is more complicated.


Brute forcing unknown passwords does exist, but it’s very different from what TV implies.

Adding complexity helps, but not as much as you might think.

Of particular interest is the caps lock scenario.


It denied that password.

That attempt was successful, and I was logged in.

Facebook is not only checking what the password is but how you enter it.

When you submit a password to access, it’s checked against your original password.

If it doesn’t match, Facebook runs your submitted password through these variations.

If that doesn’t work, Facebook tries again with the next scenario.

That makes the entire process less frustrating for you.
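The check described above can be done without the site ever storing your password in readable form. The sketch below is an added example, not Facebook's code: only a salted hash of the original password is kept, and the corrections are applied to what was typed. The caps-lock correction is the scenario this article names; the other two corrections, the PBKDF2 settings and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # example work factor, chosen for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; this is the only thing the server stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str):
    """Return (salt, stored_hash) for a newly chosen password."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def candidate_variants(submitted: str):
    """Yield the typed string first, then each single correction once."""
    candidates = [
        submitted,                                  # exactly as typed
        submitted.swapcase(),                       # caps lock was on
        submitted[:1].swapcase() + submitted[1:],   # assumed: first letter auto-capitalised
        submitted[:-1],                             # assumed: one stray trailing character
    ]
    seen = set()
    for candidate in candidates:
        if candidate and candidate not in seen:
            seen.add(candidate)
            yield candidate


def verify(submitted: str, salt: bytes, stored_hash: bytes) -> bool:
    """Try each variant in turn; corrections are never combined."""
    for candidate in candidate_variants(submitted):
        if hmac.compare_digest(hash_password(candidate, salt), stored_hash):
            return True
    return False


if __name__ == "__main__":
    salt, stored = enroll("letMeIn")          # constructed sample account
    for attempt in ("letMeIn", "LETmEiN", "LetMeIn", "letMeIn1", "letmein"):
        print(f"{attempt!r:12} -> {verify(attempt, salt, stored)}")
```

Each login attempt tests at most four strings against the stored hash, so a guesser gains a small constant factor rather than a shortcut, and an all-lowercase guess such as "letmein" is still rejected.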

Social engineering and password dumps are much simpler to use.

You don’t have to look far to find instance after instance of data breaches.

Chances are you’ve had at least some account compromised somewhere.

The first step is to stop using the same password for every site.

Instead, get a password manager and let it generate unique long passwords for every different site you use.

While SMS-based two-factor authentication is better than nothing, it’s still vulnerable to social engineering techniques.

And have a backup in place in case something happens with your phone or key.

With this combination, your account is far more secure regardless of Facebook’s password policies.

Security is a balancing act.

The more you lock down a system, the less convenient it is to access.

But as you add more convenient access, you lose security.

The trick is getting the right amounts of both to protect your users without frustrating them.

Facebook erred on the side of user ease here, and that’s probably an acceptable decision.