Your Facebook Account Has 3 Passwords

Note: I wrote this back in 2012. While Facebook implemented this clever trick back then, their security models and login handling have evolved dramatically since!

Here’s a fascinating bit of trivia that very few Facebook users actually know: your Facebook account doesn’t just have one password—it actually has three!

Facebook built this system to quietly handle the most common login mistakes, like accidentally leaving CAPS lock on or dealing with aggressive mobile autocorrects. You have the one password you created yourself, and Facebook secretly generates two completely valid variations of it to save you from login errors.

Let me show you exactly how it works with an example.

Password 1: The One You Created

Let’s say your actual password looks like this:

In this case, the letters F, K, and P are uppercase, and the rest are lowercase. This is the exact string you type in every day. Now, let’s look at the two variations Facebook creates for you.

Password 2: The CAPS Lock Savior

If you accidentally leave CAPS lock on, you end up typing the exact opposite case of what you intended. Facebook anticipates this. They automatically accept a version of your password where every uppercase letter is made lowercase, and every lowercase letter is capitalized.

So, if your real password is myFacebooKPassword, you can actually type MYfACEBOOkpASSWORD and Facebook will log you right in!

Password 3: The Mobile Autocapitalize Fix

We all know the struggle of typing on a mobile phone. Almost every smartphone keyboard automatically capitalizes the first letter of whatever you type. To stop this from ruining your login experience, Facebook simply ignores the case of your password’s first character when you log in from a mobile device.

Even if your password starts with a lowercase ‘m’ (myFacebooKPassword), typing MyFacebooKPassword will still get you right into your timeline.

You don’t have to take my word for it—go test it out yourself on the Facebook login screen!

Here is exactly what Facebook had to say about it at the time:

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.

It’s a brilliant, invisible feature that quietly saves thousands of people from frustration every single day.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.