Why can I log in to my facebook account with misspelled email/passwordDoes correcting misspelled usernames create a security risk?Password on login ideaIs this login flow via an authenticated email account safe?How to suspend a silent oberserver from Facebook account?Do you need to restrict the possible characters of a username?Does correcting misspelled usernames create a security risk?Copying the email address to a forgotten password pageStrange messages from Gmail regarding my recovery email address changingI have continued access of my Facebook account from a particular iPad/IP Address - how do I stop it?Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?Windows 10 seems to load session before user log in, is it safe?

How does LIDAR avoid getting confused in an environment being scanned by hundreds of other LIDAR?

Is there a way to upload multiple discount counts into CiviDiscount?

Traveling from Germany to other countries by train?

Non-small objects in categories

Identify Batman without getting caught

What is the probability of a biased coin coming up heads given that a liar is claiming that the coin came up heads?

Why does capacitance not depend on the material of the plates?

Did Captain America make out with his niece?

Only charge capacitor when button pushed then turn on LED momentarily with capacitor when button released

Write The Shortest Program To Check If A Binary Tree Is Balanced

Minimum effort to detect a solved Rubik's Cube

How can I perform a deterministic physics simulation?

Plato and the knowledge of the forms

Getting matrices labels

Homogenous Equation ODE

Did silent film actors actually say their lines or did they simply improvise “dialogue” while being filmed?

What is an air conditioner compressor hard start kit and how does it work?

Tile the chessboard with four-colored triominoes

What does the ISO setting for mechanical 35mm film cameras actually do?

Do any languages mention the top limit of a range first?

Will a research paper be retracted if the code (which was made publicly available) is shown to have a flaw in the logic?

Ubuntu show wrong disk sizes, how to solve it?

What could prevent players from leaving an island?

In MTG, was there ever a five-color deck that worked well?



Why can I log in to my facebook account with misspelled email/password


Does correcting misspelled usernames create a security risk?Password on login ideaIs this login flow via an authenticated email account safe?How to suspend a silent oberserver from Facebook account?Do you need to restrict the possible characters of a username?Does correcting misspelled usernames create a security risk?Copying the email address to a forgotten password pageStrange messages from Gmail regarding my recovery email address changingI have continued access of my Facebook account from a particular iPad/IP Address - how do I stop it?Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?Windows 10 seems to load session before user log in, is it safe?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








6















I've been playing around different login forms online lately to see how they work. One of them was facebook login form. When I logged out of my account my email and password were autocompleted by my browser, then I decided to misspell my email and see what would happen if try to login.



To my surprise I logged in with no problem after changing my email from example@gmail.com to example@gmail.comm, I then started experimenting with different misspelling errors and I had no problem logging in as long as it was not too far off my real email. I tried with changing domain name as well example@gmadil.coom, my email prefix ezfxample@gmail.com etc.



Then I also tried misspelling my password and as long as it was not too far off my real password I can log in no problem (with password it worked when adding one random letter before or after the real password, not when adding letter in the middle of it).



I also checked actual data send in request by looking at it in chrome dev tools and in fact it was the wrong data sent.



How can this be? Should I be worried about my accounts security?










share|improve this question


























  • If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

    – Ghedipunk
    8 hours ago











  • @Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

    – aMJay
    8 hours ago











  • I can confirm this too. Someone else please try

    – shobhonk
    8 hours ago











  • That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

    – Ghedipunk
    8 hours ago


















6















I've been playing around different login forms online lately to see how they work. One of them was facebook login form. When I logged out of my account my email and password were autocompleted by my browser, then I decided to misspell my email and see what would happen if try to login.



To my surprise I logged in with no problem after changing my email from example@gmail.com to example@gmail.comm, I then started experimenting with different misspelling errors and I had no problem logging in as long as it was not too far off my real email. I tried with changing domain name as well example@gmadil.coom, my email prefix ezfxample@gmail.com etc.



Then I also tried misspelling my password and as long as it was not too far off my real password I can log in no problem (with password it worked when adding one random letter before or after the real password, not when adding letter in the middle of it).



I also checked actual data send in request by looking at it in chrome dev tools and in fact it was the wrong data sent.



How can this be? Should I be worried about my accounts security?










share|improve this question


























  • If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

    – Ghedipunk
    8 hours ago











  • @Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

    – aMJay
    8 hours ago











  • I can confirm this too. Someone else please try

    – shobhonk
    8 hours ago











  • That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

    – Ghedipunk
    8 hours ago














6












6








6


1






I've been playing around different login forms online lately to see how they work. One of them was facebook login form. When I logged out of my account my email and password were autocompleted by my browser, then I decided to misspell my email and see what would happen if try to login.



To my surprise I logged in with no problem after changing my email from example@gmail.com to example@gmail.comm, I then started experimenting with different misspelling errors and I had no problem logging in as long as it was not too far off my real email. I tried with changing domain name as well example@gmadil.coom, my email prefix ezfxample@gmail.com etc.



Then I also tried misspelling my password and as long as it was not too far off my real password I can log in no problem (with password it worked when adding one random letter before or after the real password, not when adding letter in the middle of it).



I also checked actual data send in request by looking at it in chrome dev tools and in fact it was the wrong data sent.



How can this be? Should I be worried about my accounts security?










share|improve this question
















I've been playing around different login forms online lately to see how they work. One of them was facebook login form. When I logged out of my account my email and password were autocompleted by my browser, then I decided to misspell my email and see what would happen if try to login.



To my surprise I logged in with no problem after changing my email from example@gmail.com to example@gmail.comm, I then started experimenting with different misspelling errors and I had no problem logging in as long as it was not too far off my real email. I tried with changing domain name as well example@gmadil.coom, my email prefix ezfxample@gmail.com etc.



Then I also tried misspelling my password and as long as it was not too far off my real password I can log in no problem (with password it worked when adding one random letter before or after the real password, not when adding letter in the middle of it).



I also checked actual data send in request by looking at it in chrome dev tools and in fact it was the wrong data sent.



How can this be? Should I be worried about my accounts security?







authentication facebook






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 8 hours ago







aMJay

















asked 8 hours ago









aMJayaMJay

6481 gold badge5 silver badges12 bronze badges




6481 gold badge5 silver badges12 bronze badges















  • If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

    – Ghedipunk
    8 hours ago











  • @Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

    – aMJay
    8 hours ago











  • I can confirm this too. Someone else please try

    – shobhonk
    8 hours ago











  • That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

    – Ghedipunk
    8 hours ago


















  • If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

    – Ghedipunk
    8 hours ago











  • @Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

    – aMJay
    8 hours ago











  • I can confirm this too. Someone else please try

    – shobhonk
    8 hours ago











  • That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

    – Ghedipunk
    8 hours ago

















If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

– Ghedipunk
8 hours ago





If true (and it's a big enough claim that I'm going to want to verify it independently), then yes, everyone should be worried about account security, as it means passwords are stored in a reversible form.

– Ghedipunk
8 hours ago













@Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

– aMJay
8 hours ago





@Ghedipunk to be more precise, it worked with a single random letter added before, and after the real password. Adding a random letter in the middle didn't allow me to log in.

– aMJay
8 hours ago













I can confirm this too. Someone else please try

– shobhonk
8 hours ago





I can confirm this too. Someone else please try

– shobhonk
8 hours ago













That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

– Ghedipunk
8 hours ago






That's an important distinction, with the random letter being before or after (and thanks for editing the question with that clarification as well; it helps)... That can be checked without storing it in a reversible form. With them allowing a bit of a fudge factor like that, it's time for me to generate an even longer password, though... ;-)

– Ghedipunk
8 hours ago











2 Answers
2






active

oldest

votes


















9














Facebook is allowing you to make a handful of mistakes to ease the login process. A Facebook engineer explained the process at a conference. The gist of it is that Facebook will try various permutations of the input you submitted and see if they match the hash they have in their databae



For example, if your password is "myRealPassword!" but you submit "MYrEALpASSWORD!" (capslock on, shift inverting capslock). The submitted password obviously doesn't match what they have stored. Rather than reject you flat out, Facebook tries to up the user experience by trying to "correct" a few common mistakes such as inserting a random character before or after, capitalizing (or not) the first character, or mistakenly using capslock. Facebook applies these filters one by one and checks the newly "corrected" password against what they have hashed in their database. If one of the permutations matches, Facebook assumes you simply made a small mistake and authorizes your session.



While worrying at first glance, this is actually still perfectly secure for a few reasons. First and foremost, Facebook is able to do this without storing the password in plaintext because they are transforming your provided (and untrusted) input from the form field and checking if it matches. Secondly, this isn't very helpful for someone trying to bruteforce the password because online attacks are nigh impossible thanks to ratelimiting and captchas. Finally, the odds of an attacker/evil spouse knowing the text of your password and not the capitalization are abysmally small and so the risk created as a result of this feature is equally small.



Should you be worried? No, probably not.



Further reading: https://www.howtogeek.com/402761/facebook-fudges-your-password-for-your-convenience/






share|improve this answer
































    2














    It is long know that Facebook allows you on purpose to log in with the password case reversed or the first character capitalized (see this article). They do this by storing the different hashes of the password. Are you seeing that more differences are allowed?



    Apparently, they also have some similar usability features for the email address.
    Automatically "correcting" gmail.comm to gmail.com is actually harmless, since there's (currently) no comm tld, so nobody would actually have a valid gmail.comm email address. I am however surprised that they would allow gmadil.com (currently for sale) or a different username, as that could be someone else's email address.



    They might have decided that usability is of utter importance and, if there is a log in attempt for an email address for which there is not an account, automatically attempt the log in with the most similar username, but -while not completely bad- it doesn't seem a good approach, as someone else could sign up tomorrow with the ezfxample@gmail.com email and, although unlikely, also use Password123 as password, then what?



    Update: This had been tested a few years back by Lukas on Does correcting misspelled usernames create a security risk? and apparently logging in with a misspelled email address only works when you have not deleted Facebook cookies from your earlier session. Thus, it only autocorrects your email address when it knows that you used to log in as example@gmail.com, and otherwise fails.



    Note: AndyGrayland had suggested earlier that the cookies could be playing a part of this, but it is now in a deleted answer.






    share|improve this answer





























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "162"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214814%2fwhy-can-i-log-in-to-my-facebook-account-with-misspelled-email-password%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      9














      Facebook is allowing you to make a handful of mistakes to ease the login process. A Facebook engineer explained the process at a conference. The gist of it is that Facebook will try various permutations of the input you submitted and see if they match the hash they have in their databae



      For example, if your password is "myRealPassword!" but you submit "MYrEALpASSWORD!" (capslock on, shift inverting capslock). The submitted password obviously doesn't match what they have stored. Rather than reject you flat out, Facebook tries to up the user experience by trying to "correct" a few common mistakes such as inserting a random character before or after, capitalizing (or not) the first character, or mistakenly using capslock. Facebook applies these filters one by one and checks the newly "corrected" password against what they have hashed in their database. If one of the permutations matches, Facebook assumes you simply made a small mistake and authorizes your session.



      While worrying at first glance, this is actually still perfectly secure for a few reasons. First and foremost, Facebook is able to do this without storing the password in plaintext because they are transforming your provided (and untrusted) input from the form field and checking if it matches. Secondly, this isn't very helpful for someone trying to bruteforce the password because online attacks are nigh impossible thanks to ratelimiting and captchas. Finally, the odds of an attacker/evil spouse knowing the text of your password and not the capitalization are abysmally small and so the risk created as a result of this feature is equally small.



      Should you be worried? No, probably not.



      Further reading: https://www.howtogeek.com/402761/facebook-fudges-your-password-for-your-convenience/






      share|improve this answer





























        9














        Facebook is allowing you to make a handful of mistakes to ease the login process. A Facebook engineer explained the process at a conference. The gist of it is that Facebook will try various permutations of the input you submitted and see if they match the hash they have in their databae



        For example, if your password is "myRealPassword!" but you submit "MYrEALpASSWORD!" (capslock on, shift inverting capslock). The submitted password obviously doesn't match what they have stored. Rather than reject you flat out, Facebook tries to up the user experience by trying to "correct" a few common mistakes such as inserting a random character before or after, capitalizing (or not) the first character, or mistakenly using capslock. Facebook applies these filters one by one and checks the newly "corrected" password against what they have hashed in their database. If one of the permutations matches, Facebook assumes you simply made a small mistake and authorizes your session.



        While worrying at first glance, this is actually still perfectly secure for a few reasons. First and foremost, Facebook is able to do this without storing the password in plaintext because they are transforming your provided (and untrusted) input from the form field and checking if it matches. Secondly, this isn't very helpful for someone trying to bruteforce the password because online attacks are nigh impossible thanks to ratelimiting and captchas. Finally, the odds of an attacker/evil spouse knowing the text of your password and not the capitalization are abysmally small and so the risk created as a result of this feature is equally small.



        Should you be worried? No, probably not.



        Further reading: https://www.howtogeek.com/402761/facebook-fudges-your-password-for-your-convenience/






        share|improve this answer



























          9












          9








          9







          Facebook is allowing you to make a handful of mistakes to ease the login process. A Facebook engineer explained the process at a conference. The gist of it is that Facebook will try various permutations of the input you submitted and see if they match the hash they have in their databae



          For example, if your password is "myRealPassword!" but you submit "MYrEALpASSWORD!" (capslock on, shift inverting capslock). The submitted password obviously doesn't match what they have stored. Rather than reject you flat out, Facebook tries to up the user experience by trying to "correct" a few common mistakes such as inserting a random character before or after, capitalizing (or not) the first character, or mistakenly using capslock. Facebook applies these filters one by one and checks the newly "corrected" password against what they have hashed in their database. If one of the permutations matches, Facebook assumes you simply made a small mistake and authorizes your session.



          While worrying at first glance, this is actually still perfectly secure for a few reasons. First and foremost, Facebook is able to do this without storing the password in plaintext because they are transforming your provided (and untrusted) input from the form field and checking if it matches. Secondly, this isn't very helpful for someone trying to bruteforce the password because online attacks are nigh impossible thanks to ratelimiting and captchas. Finally, the odds of an attacker/evil spouse knowing the text of your password and not the capitalization are abysmally small and so the risk created as a result of this feature is equally small.



          Should you be worried? No, probably not.



          Further reading: https://www.howtogeek.com/402761/facebook-fudges-your-password-for-your-convenience/






          share|improve this answer













          Facebook is allowing you to make a handful of mistakes to ease the login process. A Facebook engineer explained the process at a conference. The gist of it is that Facebook will try various permutations of the input you submitted and see if they match the hash they have in their databae



          For example, if your password is "myRealPassword!" but you submit "MYrEALpASSWORD!" (capslock on, shift inverting capslock). The submitted password obviously doesn't match what they have stored. Rather than reject you flat out, Facebook tries to up the user experience by trying to "correct" a few common mistakes such as inserting a random character before or after, capitalizing (or not) the first character, or mistakenly using capslock. Facebook applies these filters one by one and checks the newly "corrected" password against what they have hashed in their database. If one of the permutations matches, Facebook assumes you simply made a small mistake and authorizes your session.



          While worrying at first glance, this is actually still perfectly secure for a few reasons. First and foremost, Facebook is able to do this without storing the password in plaintext because they are transforming your provided (and untrusted) input from the form field and checking if it matches. Secondly, this isn't very helpful for someone trying to bruteforce the password because online attacks are nigh impossible thanks to ratelimiting and captchas. Finally, the odds of an attacker/evil spouse knowing the text of your password and not the capitalization are abysmally small and so the risk created as a result of this feature is equally small.



          Should you be worried? No, probably not.



          Further reading: https://www.howtogeek.com/402761/facebook-fudges-your-password-for-your-convenience/







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 8 hours ago









          SirensSirens

          1,1024 silver badges16 bronze badges




          1,1024 silver badges16 bronze badges


























              2














              It is long know that Facebook allows you on purpose to log in with the password case reversed or the first character capitalized (see this article). They do this by storing the different hashes of the password. Are you seeing that more differences are allowed?



              Apparently, they also have some similar usability features for the email address.
              Automatically "correcting" gmail.comm to gmail.com is actually harmless, since there's (currently) no comm tld, so nobody would actually have a valid gmail.comm email address. I am however surprised that they would allow gmadil.com (currently for sale) or a different username, as that could be someone else's email address.



              They might have decided that usability is of utter importance and, if there is a log in attempt for an email address for which there is not an account, automatically attempt the log in with the most similar username, but -while not completely bad- it doesn't seem a good approach, as someone else could sign up tomorrow with the ezfxample@gmail.com email and, although unlikely, also use Password123 as password, then what?



              Update: This had been tested a few years back by Lukas on Does correcting misspelled usernames create a security risk? and apparently logging in with a misspelled email address only works when you have not deleted Facebook cookies from your earlier session. Thus, it only autocorrects your email address when it knows that you used to log in as example@gmail.com, and otherwise fails.



              Note: AndyGrayland had suggested earlier that the cookies could be playing a part of this, but it is now in a deleted answer.






              share|improve this answer































                2














                It is long know that Facebook allows you on purpose to log in with the password case reversed or the first character capitalized (see this article). They do this by storing the different hashes of the password. Are you seeing that more differences are allowed?



                Apparently, they also have some similar usability features for the email address.
                Automatically "correcting" gmail.comm to gmail.com is actually harmless, since there's (currently) no comm tld, so nobody would actually have a valid gmail.comm email address. I am however surprised that they would allow gmadil.com (currently for sale) or a different username, as that could be someone else's email address.



                They might have decided that usability is of utter importance and, if there is a log in attempt for an email address for which there is not an account, automatically attempt the log in with the most similar username, but -while not completely bad- it doesn't seem a good approach, as someone else could sign up tomorrow with the ezfxample@gmail.com email and, although unlikely, also use Password123 as password, then what?



                Update: This had been tested a few years back by Lukas on Does correcting misspelled usernames create a security risk? and apparently logging in with a misspelled email address only works when you have not deleted Facebook cookies from your earlier session. Thus, it only autocorrects your email address when it knows that you used to log in as example@gmail.com, and otherwise fails.



                Note: AndyGrayland had suggested earlier that the cookies could be playing a part of this, but it is now in a deleted answer.






                share|improve this answer





























                  2












                  2








                  2







                  It is long know that Facebook allows you on purpose to log in with the password case reversed or the first character capitalized (see this article). They do this by storing the different hashes of the password. Are you seeing that more differences are allowed?



                  Apparently, they also have some similar usability features for the email address.
                  Automatically "correcting" gmail.comm to gmail.com is actually harmless, since there's (currently) no comm tld, so nobody would actually have a valid gmail.comm email address. I am however surprised that they would allow gmadil.com (currently for sale) or a different username, as that could be someone else's email address.



                  They might have decided that usability is of utter importance and, if there is a log in attempt for an email address for which there is not an account, automatically attempt the log in with the most similar username, but -while not completely bad- it doesn't seem a good approach, as someone else could sign up tomorrow with the ezfxample@gmail.com email and, although unlikely, also use Password123 as password, then what?



                  Update: This had been tested a few years back by Lukas on Does correcting misspelled usernames create a security risk? and apparently logging in with a misspelled email address only works when you have not deleted Facebook cookies from your earlier session. Thus, it only autocorrects your email address when it knows that you used to log in as example@gmail.com, and otherwise fails.



                  Note: AndyGrayland had suggested earlier that the cookies could be playing a part of this, but it is now in a deleted answer.






                  share|improve this answer















                  It is long know that Facebook allows you on purpose to log in with the password case reversed or the first character capitalized (see this article). They do this by storing the different hashes of the password. Are you seeing that more differences are allowed?



                  Apparently, they also have some similar usability features for the email address.
                  Automatically "correcting" gmail.comm to gmail.com is actually harmless, since there's (currently) no comm tld, so nobody would actually have a valid gmail.comm email address. I am however surprised that they would allow gmadil.com (currently for sale) or a different username, as that could be someone else's email address.



                  They might have decided that usability is of utter importance and, if there is a log in attempt for an email address for which there is not an account, automatically attempt the log in with the most similar username, but -while not completely bad- it doesn't seem a good approach, as someone else could sign up tomorrow with the ezfxample@gmail.com email and, although unlikely, also use Password123 as password, then what?



                  Update: This had been tested a few years back by Lukas on Does correcting misspelled usernames create a security risk? and apparently logging in with a misspelled email address only works when you have not deleted Facebook cookies from your earlier session. Thus, it only autocorrects your email address when it knows that you used to log in as example@gmail.com, and otherwise fails.



                  Note: AndyGrayland had suggested earlier that the cookies could be playing a part of this, but it is now in a deleted answer.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited 8 hours ago

























                  answered 8 hours ago









                  ÁngelÁngel

                  10.2k2 gold badges15 silver badges41 bronze badges




                  10.2k2 gold badges15 silver badges41 bronze badges






























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Information Security Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214814%2fwhy-can-i-log-in-to-my-facebook-account-with-misspelled-email-password%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      19. јануар Садржај Догађаји Рођења Смрти Празници и дани сећања Види још Референце Мени за навигацијуу

                      Israel Cuprins Etimologie | Istorie | Geografie | Politică | Demografie | Educație | Economie | Cultură | Note explicative | Note bibliografice | Bibliografie | Legături externe | Meniu de navigaresite web oficialfacebooktweeterGoogle+Instagramcanal YouTubeInstagramtextmodificaremodificarewww.technion.ac.ilnew.huji.ac.ilwww.weizmann.ac.ilwww1.biu.ac.ilenglish.tau.ac.ilwww.haifa.ac.ilin.bgu.ac.ilwww.openu.ac.ilwww.ariel.ac.ilCIA FactbookHarta Israelului"Negotiating Jerusalem," Palestine–Israel JournalThe Schizoid Nature of Modern Hebrew: A Slavic Language in Search of a Semitic Past„Arabic in Israel: an official language and a cultural bridge”„Latest Population Statistics for Israel”„Israel Population”„Tables”„Report for Selected Countries and Subjects”Human Development Report 2016: Human Development for Everyone„Distribution of family income - Gini index”The World FactbookJerusalem Law„Israel”„Israel”„Zionist Leaders: David Ben-Gurion 1886–1973”„The status of Jerusalem”„Analysis: Kadima's big plans”„Israel's Hard-Learned Lessons”„The Legacy of Undefined Borders, Tel Aviv Notes No. 40, 5 iunie 2002”„Israel Journal: A Land Without Borders”„Population”„Israel closes decade with population of 7.5 million”Time Series-DataBank„Selected Statistics on Jerusalem Day 2007 (Hebrew)”Golan belongs to Syria, Druze protestGlobal Survey 2006: Middle East Progress Amid Global Gains in FreedomWHO: Life expectancy in Israel among highest in the worldInternational Monetary Fund, World Economic Outlook Database, April 2011: Nominal GDP list of countries. Data for the year 2010.„Israel's accession to the OECD”Popular Opinion„On the Move”Hosea 12:5„Walking the Bible Timeline”„Palestine: History”„Return to Zion”An invention called 'the Jewish people' – Haaretz – Israel NewsoriginalJewish and Non-Jewish Population of Palestine-Israel (1517–2004)ImmigrationJewishvirtuallibrary.orgChapter One: The Heralders of Zionism„The birth of modern Israel: A scrap of paper that changed history”„League of Nations: The Mandate for Palestine, 24 iulie 1922”The Population of Palestine Prior to 1948originalBackground Paper No. 47 (ST/DPI/SER.A/47)History: Foreign DominationTwo Hundred and Seventh Plenary Meeting„Israel (Labor Zionism)”Population, by Religion and Population GroupThe Suez CrisisAdolf EichmannJustice Ministry Reply to Amnesty International Report„The Interregnum”Israel Ministry of Foreign Affairs – The Palestinian National Covenant- July 1968Research on terrorism: trends, achievements & failuresThe Routledge Atlas of the Arab–Israeli conflict: The Complete History of the Struggle and the Efforts to Resolve It"George Habash, Palestinian Terrorism Tactician, Dies at 82."„1973: Arab states attack Israeli forces”Agranat Commission„Has Israel Annexed East Jerusalem?”original„After 4 Years, Intifada Still Smolders”From the End of the Cold War to 2001originalThe Oslo Accords, 1993Israel-PLO Recognition – Exchange of Letters between PM Rabin and Chairman Arafat – Sept 9- 1993Foundation for Middle East PeaceSources of Population Growth: Total Israeli Population and Settler Population, 1991–2003original„Israel marks Rabin assassination”The Wye River Memorandumoriginal„West Bank barrier route disputed, Israeli missile kills 2”"Permanent Ceasefire to Be Based on Creation Of Buffer Zone Free of Armed Personnel Other than UN, Lebanese Forces"„Hezbollah kills 8 soldiers, kidnaps two in offensive on northern border”„Olmert confirms peace talks with Syria”„Battleground Gaza: Israeli ground forces invade the strip”„IDF begins Gaza troop withdrawal, hours after ending 3-week offensive”„THE LAND: Geography and Climate”„Area of districts, sub-districts, natural regions and lakes”„Israel - Geography”„Makhteshim Country”Israel and the Palestinian Territories„Makhtesh Ramon”„The Living Dead Sea”„Temperatures reach record high in Pakistan”„Climate Extremes In Israel”Israel in figures„Deuteronom”„JNF: 240 million trees planted since 1901”„Vegetation of Israel and Neighboring Countries”Environmental Law in Israel„Executive branch”„Israel's election process explained”„The Electoral System in Israel”„Constitution for Israel”„All 120 incoming Knesset members”„Statul ISRAEL”„The Judiciary: The Court System”„Israel's high court unique in region”„Israel and the International Criminal Court: A Legal Battlefield”„Localities and population, by population group, district, sub-district and natural region”„Israel: Districts, Major Cities, Urban Localities & Metropolitan Areas”„Israel-Egypt Relations: Background & Overview of Peace Treaty”„Solana to Haaretz: New Rules of War Needed for Age of Terror”„Israel's Announcement Regarding Settlements”„United Nations Security Council Resolution 497”„Security Council resolution 478 (1980) on the status of Jerusalem”„Arabs will ask U.N. to seek razing of Israeli wall”„Olmert: Willing to trade land for peace”„Mapping Peace between Syria and Israel”„Egypt: Israel must accept the land-for-peace formula”„Israel: Age structure from 2005 to 2015”„Global, regional, and national disability-adjusted life years (DALYs) for 306 diseases and injuries and healthy life expectancy (HALE) for 188 countries, 1990–2013: quantifying the epidemiological transition”10.1016/S0140-6736(15)61340-X„World Health Statistics 2014”„Life expectancy for Israeli men world's 4th highest”„Family Structure and Well-Being Across Israel's Diverse Population”„Fertility among Jewish and Muslim Women in Israel, by Level of Religiosity, 1979-2009”„Israel leaders in birth rate, but poverty major challenge”„Ethnic Groups”„Israel's population: Over 8.5 million”„Israel - Ethnic groups”„Jews, by country of origin and age”„Minority Communities in Israel: Background & Overview”„Israel”„Language in Israel”„Selected Data from the 2011 Social Survey on Mastery of the Hebrew Language and Usage of Languages”„Religions”„5 facts about Israeli Druze, a unique religious and ethnic group”„Israël”Israel Country Study Guide„Haredi city in Negev – blessing or curse?”„New town Harish harbors hopes of being more than another Pleasantville”„List of localities, in alphabetical order”„Muncitorii români, doriți în Israel”„Prietenia româno-israeliană la nevoie se cunoaște”„The Higher Education System in Israel”„Middle East”„Academic Ranking of World Universities 2016”„Israel”„Israel”„Jewish Nobel Prize Winners”„All Nobel Prizes in Literature”„All Nobel Peace Prizes”„All Prizes in Economic Sciences”„All Nobel Prizes in Chemistry”„List of Fields Medallists”„Sakharov Prize”„Țara care și-a sfidat "destinul" și se bate umăr la umăr cu Silicon Valley”„Apple's R&D center in Israel grew to about 800 employees”„Tim Cook: Apple's Herzliya R&D center second-largest in world”„Lecții de economie de la Israel”„Land use”Israel Investment and Business GuideA Country Study: IsraelCentral Bureau of StatisticsFlorin Diaconu, „Kadima: Flexibilitate și pragmatism, dar nici un compromis în chestiuni vitale", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 71-72Florin Diaconu, „Likud: Dreapta israeliană constant opusă retrocedării teritoriilor cureite prin luptă în 1967", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 73-74MassadaIsraelul a crescut in 50 de ani cât alte state intr-un mileniuIsrael Government PortalIsraelIsraelIsraelmmmmmXX451232cb118646298(data)4027808-634110000 0004 0372 0767n7900328503691455-bb46-37e3-91d2-cb064a35ffcc1003570400564274ge1294033523775214929302638955X146498911146498911

                      Кастелфранко ди Сопра Становништво Референце Спољашње везе Мени за навигацију43°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.5588543°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.558853179688„The GeoNames geographical database”„Istituto Nazionale di Statistica”проширитиууWorldCat156923403n850174324558639-1cb14643287r(подаци)