Facebook lets users into their accounts if they provide
- The original password.
- The password with the case toggled.
- The password with the first letter capitalized, if the password starts with a small letter.
What does this mean?
Lets imagine that the original password you created for your Facebook account is techOFFEE99. Facebook will let you in if you enter TECHoffee99, or if you enter TechOFFEE99.
But how can they!? Isn't my password supposed to be precious?
Yes, it is. Your password is still safe (hopefully). They apparently do this, so that if you unknowingly left your CAPS-lock on, you would still be logged in. The third condition is for mobile users, where mobile phones often capitalize the first letter of a sentence. You'll know this if you have enabled 'Auto Capitalization' in your smartphone.
Original source: http://www.zdnet.com/blog/facebook/facebook-passwords-are-not-case-sensitive-update/3612