On 2016-11-17 9:28 AM, Pine W wrote:
1. If you don't trust that strength testing site
(which is fine), choose
another. I did a couple of quick checks on that site; while it's entirely
possible that I missed something, it appeared to me that the site was not
sending passwords over the Internet, whether in the clear or encrypted. The
use of HTTP or HTTPS is irrelevant if the data isn't getting sent out in
the first place.
Using HTTP means that a man in the middle could inject a script
into
these sites that would extract any password entered into them.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]