Facebook Accepts Slightly Mis-typed Passwords
Interesting threads on Hacker News and Stack Overflow. It sounds like Facebook accepts different variations on your password, and it also warns if your new password is too similar to your old one. In both cases, this is done by generating strings (e.g. with different case or the last character removed) based on what you typed. Only the hash of the actual password is stored.
