[update 09Feb2014]
Kudos to howsecureismypassword.net — I’ve just revisited their site, to discover that their home page now bears the disclaimer (and useful advice):
This site could be stealing your password… it’s not, but it easily could be. Be careful where you type your password.
I see also that there’s no longer a ‘privacy policy’ associated with this page, which I think is probably a good thing; an example of how, sometimes, less is more.
Original post follows…
[/update]
Here’s a thing (click on pic if you wish — I can’t stop you):
… except that I’m a cynic.
There’s a ‘privacy policy’ link at the foot of the howsecureismypassword website’s home page. What the privacy policy says is:
Is my password safe?
How Secure Is My Password uses JavaScript, which is a client side language – all the calculations are performed by your computer. This means that once you’ve loaded the site in your browser nothing else will pass between your computer and the server – nothing you type in leaves your computer. If you’d like to check this you can load the site and then turn off your internet connection – everything will continue to work.
Why doesn’t the site use HTTPS?
You won’t get a little padlock sign for this site, which means it’s not using HTTPS – an encrypted form of HTTP. This is because no information is passed between your computer and the server, so there’s nothing that needs encrypting.
Now, while all this is almost certainly absolutely more or less true (probably)…
… it could also be a lie, designed to put you at your ease. (I note that although the link to that page is labelled ‘privacy policy’, it doesn’t actually say a thing about howsecureismypassword.net’s policy towards your data. And the title of the ‘privacy policy’ page begins with the word ‘Donate’, which might suggest what’s uppermost in the designer’s mind. Is that telling? You tell me.)
There’s nothing that guarantees that ‘nothing else will pass between your computer and the server’ when your computer is connected to the Internet (disconnection being offered as the ‘proof’). Similarly, the dismissal of the lack of a padlock doesn’t actually prove a lack of transmission.**
This website could be a trojan horse, designed to capture your password (while doing its level best to convince you it’s not doing that).
I’m not saying it is. I’m saying it could be.
So by all means, use it to test text strings for their suitability as passwords…
… but if I were you, I wouldn’t use sites like this (nor even this) to test any (of the many*) passwords you actually use.
* You do use more than just one password for all your Internet stuphies, right?
** Incidentally, I have an earlier rant that touches on that blessed padlock.
Well said. Anyone who needs help in determining the strength of their password, probably needs help getting dressed in the morning. So, if you are silly enough to use a website like this, you deserve whatever grief you get.
The principles of a secure password are not complicated – a mixture of letters and numbers; the longer the better. However, for those that are really paranoid you can make it much harder to break (and to use) if you make it case-sensitive.
*tries to bite tongue, fails* I think the getting dressed quip is a bit harsh, Martin. One of the problems I have with computer technology is the implicit assumption that you shouldn’t use it unless you know what you’re doing. If that were valid then — since nobody knows everything — none of us should use computers. (Sometimes I wonder whether that might not be a good idea anyway.)
Maybe it was a little bit harsh but, really, passwords are not rocket science.
For the record, neither are the consequences of burning fossil fuels (a.k.a. AGW).
Oddly enough, there’s only one thing that is rocket science :)
I am with Martin. People who use 1234 as a password or need third party password checkers have a problem not adequately addressed by third party password checkers. Tee-hee.
P.S. In all likelihood, it’s a trap. Who in their right (honest) mind would expend their programming energies on an effing password checker?!
What an excellent clip. If I wasn’t so desperately short of cash, I would have bought the entire Star Wars hexology(?) on DVD for my children but, let’s be honest, I would have been buying it primarily so I could watch it with them…
You might want to consider the ASCIImation version :)