CNBC taught a horribly botched lesson in password security

It did teach you how to easily leak those passwords, though.

Sponsored Links

Jon Fingas
March 30, 2016 1:54 PM
Lichtmeister Photography Productions e.U. via Getty Images
Lichtmeister Photography Productions e.U. via Getty Images

CNBC just learned a hard, hard lesson about password security. The news outlet posted (and promptly took down) an article on the subject whose centerpiece was a "how strong is your password?" text entry box that, if anything, was a classic example of how not to manage those all-important logins. For a start, Google's Adrienne Porter Felt noticed that the box sent your password unencrypted, guaranteeing that any snoop could intercept it and test it against your real accounts. To make matters worse, others discovered that the site sent the password to not just a Google Docs spreadsheet, but to multiple third parties -- when CNBC said "no passwords are being stored," it was flat-out wrong.

Things wouldn't have gone well even if the text field was airtight. The tool appeared to underestimate how long it would take to crack passwords, potentially lulling you into a false sense of security. In fairness, CNBC is aware of what happened and is spending time improving the tool. The real question is why the initial version didn't appear to get serious scrutiny before it went live -- if you're going to educate the public about the value of good security, you need to practice what you preach.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget