Hacker News new | past | comments | ask | show | jobs | submit login

Is your password secure? Type it into this box to find out.



Indeed. That site doesn't even pretend to be secure!

There are versions of that site which do everything in Javascript so your password is never sent to the server. That is also insecure but at least they pretend that it is not.

This site is designed to post your password up to the server and even works on HTTP (as opposed to enforcing HTTPS only). So you've just shared your password, IP address, and browser information with a completely anonymous site!

PS - I think this site is DESIGNED to be Javascript only but the implementation is bad, so the password is in fact sent to their server (which generates an "Internal server error" by the way).


To be clear, that's a demo site that's worked for me in the past to preview the software.

You can download it here: https://github.com/c-a-m/passfault

And the project itself is affiliated with OWASP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: