On Thu, Nov 17, 2016 at 12:18 AM Antoine Musso hashar+wmf@free.fr wrote:
Le 16/11/2016 à 19:19, Pine W a écrit :
(0) Consider testing your password strength with a tool like http://www.testyourpassword.com/; be sure that the tool you use does not send your chosen password over the Internet and instead tests it locally.
By using an online testing tool, you are effectively breaking the very first rule:
DO NOT GIVE OUT YOUR PASSWORD. EVER.
Using that site is exactly like sharing your password with a random stranger in the world. Even if you trusted that website, and audited the code at a given point in time, you have no guarantee the site hasn't changed or that it is not collecting passwords.
Not to mention, it's plain-old-insecure HTTP, so of course anyone and their mother's uncle could be sniffing the traffic ;-)
Same rule goes for a "generate a random password" site. Don't use them.
-Chad