Kudos to howsecureismypassword.net — I’ve just revisited their site, to discover that their home page now bears the disclaimer (and useful advice):
This site could be stealing your password… it’s not, but it easily could be. Be careful where you type your password.
Original post follows…
Here’s a thing (click on pic if you wish — I can’t stop you):
… except that I’m a cynic.
Is my password safe?
Why doesn’t the site use HTTPS?
You won’t get a little padlock sign for this site, which means it’s not using HTTPS – an encrypted form of HTTP. This is because no information is passed between your computer and the server, so there’s nothing that needs encrypting.
Now, while all this is almost certainly absolutely more or less true (probably)…
There’s nothing that guarantees that ‘nothing else will pass between your computer and the server’ when your computer is connected to the Internet (disconnection being offered as the ‘proof’). Similarly, the dismissal of the lack of a padlock doesn’t actually prove a lack of transmission.**
This website could be a trojan horse, designed to capture your password (while doing its level best to convince you it’s not doing that).
I’m not saying it is. I’m saying it could be.
So by all means, use it to test text strings for their suitability as passwords…
… but if I were you, I wouldn’t use sites like this (nor even this) to test any (of the many*) passwords you actually use.
* You do use more than just one password for all your Internet stuphies, right?
** Incidentally, I have an earlier rant that touches on that blessed padlock.
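One way to follow the advice above without typing a real password into any web page is to run the estimate locally. The script below is an added example, not code from howsecureismypassword.net or from the original post; the guess rate, the short common-password list and the nominal 100 symbols for characters outside printable ASCII are assumptions made for illustration.

```python
import getpass
import math
import string

# Assumed attacker speed (constructed figure, not from the post).
GUESSES_PER_SECOND = 1e10

# Tiny constructed sample of well-known passwords; a real check would load a
# much larger list from a local file.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# (characters in the class, symbols it adds to the attacker's alphabet)
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
    (" ", 1),
]
KNOWN = "".join(chars for chars, _ in CLASSES)

def alphabet_size(password):
    """Smallest class-based alphabet a brute-force search would need."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    # Assumption: anything outside printable ASCII adds a nominal 100 symbols.
    if any(c not in KNOWN for c in password):
        size += 100
    return size

def entropy_bits(password):
    """Upper bound on guessing entropy; 0 for empty or well-known passwords."""
    if not password or password.lower() in COMMON:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate of this length and alphabet at `rate`."""
    bits = entropy_bits(password)
    return math.inf if bits > 1000 else 2.0 ** bits / rate

if __name__ == "__main__":
    # getpass keeps the input off the screen and out of shell history.
    pw = getpass.getpass("Password to test (stays in this process): ")
    print(f"alphabet: {alphabet_size(pw)} symbols")
    print(f"entropy:  {entropy_bits(pw):.1f} bits (upper bound)")
    print(f"exhaust:  {seconds_to_exhaust(pw):.3g} s at {GUESSES_PER_SECOND:.0e}/s")
```

The figure is a brute-force upper bound: a password built from dictionary words or reused elsewhere falls far faster than the estimate suggests.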