
A friend and I have considered a number of times setting up something like http://ismypasswordsecure.com and just collecting passwords that way.

This is of course pure evil and we never figured a way in which it had a return apart from publishing lists of common passwords.




Instead of collecting the passwords, have the submission button show a page about sane password practices. (Something similar to http://ismycreditcardstolen.com/)


I just wouldn't want to actively encourage anyone to enter their password in a webpage like that.

We need to train people to behave more securely.


Microsoft already has one, on a non-SSL page: http://www.microsoft.com/uk/protect/yourself/password/checke...


I checked with Fiddler and it's client side only - no outgoing traffic back to a server!

Still, I don't think this is a great idea. You could harvest a lot of passwords with a page like this.


But it doesn't matter if it's client side only:

* It might not be in future

* It's not using SSL, so anybody in between can make it stop being client side only whenever they like

* It's a terrible, terrible idea to teach users to trust things like this.



