On 2016-11-17 9:28 AM, Pine W wrote: > 1. If you don't trust that strength testing site (which is fine), choose > another. I did a couple of quick checks on that site; while it's entirely > possible that I missed something, it appeared to me that the site was not > sending passwords over the Internet, whether in the clear or encrypted. The > use of HTTP or HTTPS is irrelevant if the data isn't getting sent out in > the first place. Using HTTP means that a man in the middle could inject a script into these sites that would extract any password entered into them.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
