Kudos to howsecureismypassword.net — I’ve just revisited their site, to discover that their home page now bears the disclaimer (and useful advice):
“This site could be stealing your password… it’s not, but it easily could be. Be careful where you type your password.”
Original post follows…
Here’s a thing (click on pic if you wish — I can’t stop you):
… except that I’m a cynic.
Is my password safe?
Why doesn’t the site use HTTPS?
You won’t get a little padlock sign for this site, which means it’s not using HTTPS – an encrypted form of HTTP. This is because no information is passed between your computer and the server, so there’s nothing that needs encrypting.
Now, while all this is almost certainly absolutely more or less true (probably)…
There’s nothing that guarantees that ‘nothing else will pass between your computer and the server’ when your computer is connected to the Internet (disconnection being offered as the ‘proof’). Similarly, the dismissal of the lack of a padlock doesn’t actually prove a lack of transmission.**
This website could be a trojan horse, designed to capture your password (while doing its level best to convince you it’s not doing that).
I’m not saying it is. I’m saying it could be.
So by all means, use it to test text strings for their suitability as passwords…
… but if I were you, I wouldn’t use sites like this (nor even this) to test any (of the many*) passwords you actually use.
* You do use more than just one password for all your Internet stuphies, right?
** Incidentally, I have an earlier rant that touches on that blessed padlock.
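One way to test a string without typing it into anyone's website: the sketch below is an added example (not from the original post, nor code from howsecureismypassword.net) that estimates brute-force strength locally in Python, with no network code at all. The guess rate, the character-class sizes and the short list of common passwords are assumptions chosen for illustration.

```python
import getpass
import math
import string

# Constructed sample of well-known weak choices; a real check would load a larger local list.
COMMON = {"1234", "123456", "password", "qwerty", "letmein"}

# Assumed attacker speed in guesses per second (illustrative, not a measurement).
GUESSES_PER_SECOND = 1e10

# Character classes and the alphabet size each one adds to the search space.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]
KNOWN = "".join(chars for chars, _ in CLASSES)


def pool_size(pw):
    """Alphabet size a brute-force search must cover for this string."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    if any(c not in KNOWN for c in pw):
        size += 100  # rough allowance for any other character
    return size


def entropy_bits(pw):
    """Upper bound: assumes every character was picked uniformly at random."""
    if not pw or pw.lower() in COMMON:
        return 0.0  # empty or listed strings fall to the first few guesses
    return len(pw) * math.log2(pool_size(pw))


def seconds_to_exhaust(pw):
    """Time to try the whole search space at the assumed guess rate."""
    bits = entropy_bits(pw)
    return math.inf if bits > 1000 else 2 ** bits / GUESSES_PER_SECOND


if __name__ == "__main__":
    # getpass reads from the terminal without echo; nothing here opens a socket.
    candidate = getpass.getpass("String to test: ")
    print(f"{entropy_bits(candidate):.1f} bits, "
          f"about {seconds_to_exhaust(candidate):.3g} s to exhaust")
```

The figure is an upper bound: strings a person chose rather than generated at random fall to dictionary and pattern guesses far sooner than the exhaustive-search time suggests.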
Well said. Anyone who needs help in determining the strength of their password, probably needs help getting dressed in the morning. So, if you are silly enough to use a website like this, you deserve whatever grief you get.
The principles of a secure password are not complicated – a mixture of letters and numbers; the longer the better. However, for those that are really paranoid you can make it much harder to break (and to use) if you make it case-sensitive.
*tries to bite tongue, fails* I think the getting dressed quip is a bit harsh, Martin. One of the problems I have with computer technology is the implicit assumption that you shouldn’t use it unless you know what you’re doing. If that were valid then — since nobody knows everything — none of us should use computers. (Sometimes I wonder whether that might not be a good idea anyway.)
Maybe it was a little bit harsh but, really, passwords are not rocket science.
For the record, neither are the consequences of burning fossil fuels (a.k.a. AGW).
Oddly enough, there’s only one thing that is rocket science :)
I am with Martin. People who use 1234 as a password or need third party password checkers have a problem not adequately addressed by third party password checkers. Tee-hee.
P.S. In all likelihood, it’s a trap. Who in their right (honest) mind would expend their programming energies on an effing password checker?!
What an excellent clip. If I wasn’t so desperately short of cash, I would have bought the entire Star Wars hexology(?) on DVD for my children but, let’s be honest, I would have been buying it primarily so I could watch it with them…
You might want to consider the ASCIImation version :)