Monday, May 9, 2016

The Only Way To Pass This Test Is Not To Take It

from here

Whether it's a program that could be a password stealer for all you know, or a website that shares your password in the clear with dozens of advertisers, there's really no good way to implement a password strength test without expecting users to do something unwise with their passwords. Password strength testers really need to go extinct because they do not help improve people's security, they promote insecure behaviour.

(Just a reminder: as cool as dinosaurs may be, you don't want to be a security dinosaur).