On Thu, Nov 17, 2016 at 12:18 AM Antoine Musso <hashar+wmf(a)free.fr> wrote:
Le 16/11/2016 à 19:19, Pine W a écrit :
(0) Consider testing your password strength with a tool like
http://www.testyourpassword.com/; be sure that the tool you use does not
send your chosen password over the Internet and instead tests it locally.
By using an online testing tool, you are effectively breaking the very
first rule:
DO NOT GIVE OUT YOUR PASSWORD. EVER.
Using that site is exactly like sharing your password with a random
stranger in the world. Even if you trusted that website, and audited
the code at a given point in time, you have no guarantee the site hasn't
changed or that it is not collecting passwords.
Not to mention, it's plain-old-insecure HTTP, so of course anyone and
their mother's uncle could be sniffing the traffic ;-)
Same rule goes for a "generate a random password" site. Don't use
them.
-Chad