This seems like one picked up data packet away from being a bad idea. Am I overthinking this?
This is probably fine. The connection to DDG will be over HTTPS, so a captured packet would need to be decoded first. And if someone were to manage to break the encryption, then they would also need to know what service you used the password for.
Ultimately, it’s more secure to generate locally, but it would be a huge amount of work to get anything usable out of a packet capture
Are they sending data? I’m pretty sure this will just be generated on the client.
Yeah, I tested it. It’s not a client side thing, it is part of the search page output.
might as well send them feedback about that, ddg seems to actually give half a shit about users and it should be a very trivial thing to change.
oof
That’s fucked up, they should not do that. Even if they do it in a way that users are actually secure (maybe generating the password in the browser, nothing serverside?), it isn’t good to train people to trust a website for this.
I’ve started using https://neal.fun/password-game/ to generate passwords 😊
Or just use your password manager. Where you save that password.
gasp what??
![TIL that if you search "Password generator, [x] characters, [y] strength" at DuckDuckGo, it will generate a password for you.](https://lemmy.world/pictrs/image/31a5b1e1-4330-4a27-aa88-cc47a25acb05.jpeg){kind=link}