We keep seeing sites that offer to check your passwords and make sure they are safe and secure.
One that popped up on Twitter today is http://www.sbrcentre.co.uk/pages/3031/1/Check_Your_Password.html. It aims to educate you and suggest how long it would take to crack your password.
Entering any password on any of these sites is a total mistake. All these sites that tell you how long and secure your password is are pure snake oil, and a high rating means absolutely nothing in the real world.
First, look at the site. It uses standard HTTP, not an encrypted HTTPS connection, so in the event you have any problems on your network, anything you send to that site can be easily intercepted.
Secondly, even though they say that they do not retain any passwords, how do you know that is true? A misconfiguration can easily store every password in plain text for any hacker to obtain and potentially track back to you.
I made up a password to test it.
By all means try it out with a fake password, but don’t rely on being safe because of that fake password. Most breaches come because of errors or user interaction, not because of having a short password.
Having a long, complicated password that would take 17 trillion years to crack does not mean you are safe. A high proportion of password hacks come from the website that holds your password. It doesn’t matter if your password is 2 characters long or 20000 characters long if the site doesn’t encrypt stored passwords and keeps them in plain text for any hacker to get hold of via security holes in that site.
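To make the storage point concrete, here is an added example (not code from the checker site or from this post) comparing a user table kept in plain text with one that keeps only a salted, slow hash. The account names, passwords and function names are constructed for illustration, and the use of PBKDF2 with this iteration count is an assumption; the post itself only says "encrypt".

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this example)

def store_plaintext(password: str) -> dict:
    """What a careless site keeps: the password itself."""
    return {"password": password}

def store_hashed(password: str) -> dict:
    """What a careful site keeps: a random salt and a slow, salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify_hashed(record: dict, attempt: str) -> bool:
    """Log-in check against the hashed record, compared in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])

def readable_in_dump(dump: dict, real_passwords: dict) -> list:
    """Users whose real password appears verbatim in a copy of the user table."""
    return sorted(
        user for user, record in dump.items()
        if real_passwords[user] in record.values()
    )

# Constructed sample accounts: one very short password, one very long one.
PASSWORDS = {"alice": "ab", "bob": "correct horse battery staple " * 8}

PLAINTEXT_TABLE = {u: store_plaintext(p) for u, p in PASSWORDS.items()}
HASHED_TABLE = {u: store_hashed(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("plaintext table exposes:", readable_in_dump(PLAINTEXT_TABLE, PASSWORDS))
    print("hashed table exposes:   ", readable_in_dump(HASHED_TABLE, PASSWORDS))
    print("bob can still log in:   ", verify_hashed(HASHED_TABLE["bob"], PASSWORDS["bob"]))
```

With the plain text table, the two-character and the 232-character password are exposed equally. The hashed table does not make the short password strong; it only means a copy of the table does not hand the passwords over directly.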
The other primary password loss method is YOU, when you enter details on a fake website or respond to a phishing email and give away all your passwords or log in information.
In many cases a long, complicated password is a detriment because you cannot remember it, so you write it down on a sticky note pinned to the monitor for everyone to see. Either use a password manager or use an easy-to-remember pass phrase or combination of words that means something to you and no-one else, rather than a single word.