Assuming they're right, if you don't store passwords in the clear, you'd have to build all acceptable variants of a password when you get the original, then hash and store all of them, then check them all at next login attempt.<p>If you wanted to add a new kind of "allowable typo" (eg "correct except with capslock") you'd have to wait until the user next logged in to store that variant.
“Websites should be changing their password policies to make users’ lives easier. The security degradation is pretty small.”<p>Security isn't supposed to be convenient. Autocorrecting passwords sounds like a bad idea all-around and will be exploited.