Why warn about caps lock for passwords, instead of ignoring caps lock for password characters?
Many login screens warn the user if the caps lock key is switched on. Most prominently the windows login screen.
Does this offer any advantage compared to simply ignoring the caps lock key and detecting the key-presses for the password as if caps lock were disabled?
Why is the warning apparently best practice? Are there uses cases that require caps lock to work inside password fields? Is there a significant fraction of users that choose to enter a password with enabled caps lock?
The reason for the warning is apparent: Since the password characters are hidden, the user may not notice when caps lock is accidentally switched on, causing their login to fail.
There are ways to work around this, such as not hiding the password, or accepting multiple uppercase/lowercase variants of the password. These work even in situations such as web forms, where detecting caps lock state may be difficult.
But assuming that
- hidden characters and case-sensitive passwords are desired, and
- the target application is capable of detecting caps lock state
Why should I display a warning instead of silently solving the issue by disabling the caps lock functionality in password fields?