3. Facebook Will Accept Three Versions Of Your Password
Any time somebody posts a claim about passwords, people get justifiably twitchy. I'm mainly think of the claim that if you write your password in a comment, Facebook will automatically star it out (pro tip: not true, don't do it). However, it is true that Facebook will accept three different versions of your password, and you can test this out without having to run the risk of telling anyone anything. Facebook, and most password protected sites, don't actually know what your password is in the first place, it is stored in a format known as a "hash" which basically encodes it into garbled nonsense that is very difficult to crack, making it secure. Facebook, however, will validate three different hashes for your one password, this is to account for case-sensitive errors. For example, if your password is pAssword (and if it is, I would recommend changing it, that's a terrible password), it will accept pAssword (regular), PaSSWORD (with the case inverted) and PAssword (with the first letter capitalised, because autocorrect will often capitalise the beginning of words). You can also use your mobile number or username (the bit at the end of the vanity URL on your profile page) to log in instead of your email address. They're not just being super-nice (although it is handy), but this reduces pointless stress on their servers as it significantly cuts the amount of people requesting new passwords because they think they've forgotten it.
