Is the tweet below good advice from @GetSafeOnline?
— GetSafeOnline.org (@GetSafeOnline) June 18, 2013
I dutifully (and suspiciously) followed the link, and tried a few of my favourite (not used anywhere) passwords. To get a strength of 75% or above, you need some really complex passwords – sadly, as identified in "Challenges with unique passwords", they quite often do not work, as they fall foul of the simplicity rules!
Putting that to one side, is it a sensible thing to be encouraging users to test passwords on public web sites?
I accept the article has a disclaimer:
(Never enter your real password into a password checker, as unlike this one, some may be fake)
But come to think of it, how do I know this one is not fake?
If I am a spear phisher, what a great site to mock up, and get my victims to enter their password on my fake site. Many users would comply — after all, GetSafeOnline is a trusted brand (how many would spot the spear-phish fake?).
GetSafeOnline, please keep up the good work — I am a fan, but find this article a little odd.
What’s your view?