My keys are plenty strong, but when I mistype a strong key (which is plausible seeing as I can't see what I'm typing) then I'm fine with sacrificing some strength to just accept it. My key is already well beyond practical attack anyway.
That said, if you WERE to use something like 2, you'd have to be much more diligent about enforcing good passwords, also you'd have to come up with some kinda scheme that could work with "close enough" and not reveal information about the password.
Even assuming 2 is a good idea, I have no idea how that could be implemented. A major desirable property of a good password hashing algorithm is that slightly differing inputs should produce wildly differing hashes, and the login authenticator should only ever know the password hash and not the password itself.
ect, then check the submitted password by testing it against these hashes by removing characters in the same fashion.
Just as an early idea.
I think it's a good idea, what if you could encourage users to use stronger passwords by telling them that "the system will forgive near misses, so don't be afraid"?
My keys are plenty strong, but when I mistype a strong key (which is plausible seeing as I can't see what I'm typing) then I'm fine with sacrificing some strength to just accept it. My key is already well beyond practical attack anyway.
That said, if you WERE to use something like 2, you'd have to be much more diligent about enforcing good passwords, also you'd have to come up with some kinda scheme that could work with "close enough" and not reveal information about the password.