This is probably ok. First of all, they’re probably actually doing it in Javascript in the browser. It probably never travels over the network at all. And, if it did, with HTTPS it would be hard to intercept and decrypt except by a government or something.
But, it still gives me the willies to generate a password on a web page. Fundamentally a web browser is still a tool for sending and receiving data over the Internet, and that’s not the kind of tool I’d want to be generating something that I don’t want other people to know or see.
What happens if there’s a bug? If the password is being generated in an app on my local system a badly designed app with a bug could maybe log my newly generated password in a local log file somewhere. If there’s a bug in DuckDuckGo’s javascript, who knows where that newly generated password might be logged?
![TIL that if you search "Password generator, [x] characters, [y] strength" at DuckDuckGo, it will generate a password for you.](https://lemmy.world/pictrs/image/31a5b1e1-4330-4a27-aa88-cc47a25acb05.jpeg){kind=link}
This is probably ok. First of all, they’re probably actually doing it in Javascript in the browser. It probably never travels over the network at all. And, if it did, with HTTPS it would be hard to intercept and decrypt except by a government or something.
But, it still gives me the willies to generate a password on a web page. Fundamentally a web browser is still a tool for sending and receiving data over the Internet, and that’s not the kind of tool I’d want to be generating something that I don’t want other people to know or see.
What happens if there’s a bug? If the password is being generated in an app on my local system a badly designed app with a bug could maybe log my newly generated password in a local log file somewhere. If there’s a bug in DuckDuckGo’s javascript, who knows where that newly generated password might be logged?