I typed in my password in Microsoft password strength checker website. Could it now be possible for someone to recover that password from my computer?
Asked
Active
Viewed 681 times
3 Answers
4
From your computer - Not any more than usual, no.
However the owner of the website you used could very easily have a copy of your password!
You shouldn't ever use an online password checker, as you have no control over where your data has gone.
As Neal stated in this answer on a very similar question:
You're unnecessarily exposing your password to some site out there on the internet! Even local applications for password checking may be nefarious. Claims that the site uses javascript and never transmits the password over the Internet cannot be trusted. Some password strength testing sites are surely run by black hats, who just add them to their dictionaries along with whatever other information they can gather about you.
Rory Alsop
- 61,367
- 12
- 115
- 320
-
I completely agree with @Rory, online password checkers are useful tools for learning what makes a strong password, but I'd never use one that I'd checked on one of those sites. At the same time I'd never use a password generated by an online site either! – GdD Nov 21 '12 at 14:26
3
I assume you're referring to the Password Checker page on Microsoft.com.
I've reviewed the HTML for that page and the JavaScript code it runs - https://www.microsoft.com/global/security/RenderingAssets/passwdcheck.js - and can ensure you that your password never leaves your computer.
On the other hand, having reviewed the JavaScript code, I can also tell you that it isn't a very good password checker (mainly because it uses a tiny dictionary).
David Wachtfogel
- 5,512
- 21
- 35
2
If someone sniffed your network transfer (not encrypted), then yes.
If the website owner logs the passwords, then yes.
If the website itself has security holes in combination with 2., then yes.
Shlomo
- 276
- 1
- 2