Why Autocorrect for Passwords Is a Great Idea (opens in new tab)

(technologyreview.com)

1 pointsvalhalla9y ago3 comments

3 comments

Assuming they're right, if you don't store passwords in the clear, you'd have to build all acceptable variants of a password when you get the original, then hash and store all of them, then check them all at next login attempt.

If you wanted to add a new kind of "allowable typo" (eg "correct except with capslock") you'd have to wait until the user next logged in to store that variant.

green_lunch9y ago

“Websites should be changing their password policies to make users’ lives easier. The security degradation is pretty small.”

Security isn't supposed to be convenient. Autocorrecting passwords sounds like a bad idea all-around and will be exploited.

valhallaOP9y ago

According to the article, they ran simulations and it only provided a .2% increase in likelihood of a breach

j / k navigate · click thread line to collapse