Hacker News 上看到「Gmail password first character is case insensitive on mobile device (support.google.com)」這篇,在講密碼輸入上的 UX。
在 Hacker News 上的討論看到這則:
This is a well-understood feature. Facebook does the same thing[0].
Quote:
Facebook actually accepts three forms of your password:
* Your original password.
* Your original password with the first letter capitalized. This is only for mobile devices, which sometimes capitalize the first character of a word.
* Your original password with the case reversed, for those with a caps lock key on.
[0]: https://www.zdnet.com/article/facebook-passwords-are-not-case-sensitive-update/
接受三種密碼,第一種是完全正確的密碼,第二種是第一個字如果是大寫時的密碼 (在行動裝置上可能的行為),第三種是大小寫全部相反的密碼,這在沒注意到 caps lock 時會發生。
強度不會削弱太多,但對於 user experience 好很多的設計。