I've been reading articles over the last ten minutes about companies, including banks and credit card companies using case-insensitive passwords. Some articles were a year old but the reason I discovered this because i made the mistake of capitalizing one of the many letters in my password. i hit enter and realized my mistake. Before i could fix the error, it logged me in. I tested this with other letters and mixing it up but it still works.<p>The other articles I read said they allowed the first letter to be either as some mobile devices auto-capitalize words, and they allow reverse caps to allow for caps locked problems, which already seems dumb but that's beyond my argument. The issue is, with JCP, <i>any combination of password capitalization works</i>.<p>I have limited understanding of password encryption, but this would make me think two things: they either purposely did this, or they use some encryption that doesn't distinguish between upper and lower case such as LM.<p>My question is: why would they do this and what should I do? should i inform them or is this more of a "we understand your concern, sir/ma'am, but we have it under control" waste of my time? Also, is this a concern for anyone else?