On Thu, Nov 17, 2016 at 12:28 PM, Pine W <wiki.pine(a)gmail.com> wrote:
1. If you don't trust that strength testing site
(which is fine), choose
another. I did a couple of quick checks on that site; while it's entirely
possible that I missed something, it appeared to me that the site was not
sending passwords over the Internet, whether in the clear or encrypted. The
use of HTTP or HTTPS is irrelevant if the data isn't getting sent out in
the first place.
Or use a password manager that has a local built-in password strength tool,
that way you don't risk being MiTMed by an HTTP site.
In general, as mentioned, you should simply not enter your password on any
website that is not the site the password belongs to. For my full-time job,
employees have a Chrome extension where accidentally type your password on
any website (even if it's not in a text box) you're required to reset it.
*-- *
Regards,
*Tyler Romeo*
0x405d34a7c86b42df
https://parent5446.nyc