Arstechnica: An educational website that bills itself as the UK’s top source for “unbiased, factual and easy-to-understand information on online safety” isn’t living up to its promise. Not only is the password strength meter for Get Safe Online completely unreliable, it also transmits user-supplied candidates in address URLs, where they are vulnerable to hackers and shoulder surfers alike.
The sole exhibit in making this case is the above screenshot, showing how the Get Safe Onlinepassword checker graded the choice “Julia1984.” As Ars chronicled two years ago, the password will typically fall in the first minute or so of a standard offline cracking session, because it contains an extremely common name followed by four digits, in a futile attempt to add randomness.