icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
30 Mar, 2016 13:08

Epic fail: CNBC botches online security tutorial, asks readers for passwords

Epic fail: CNBC botches online security tutorial, asks readers for passwords

CNBC’s misguided attempt to teach readers about online security by asking them to input their passwords into a widget on the news website has put users’ information at risk.

The article “Apple and the construction of secure passwords” was published Tuesday on CNBC’s blog The Big Crunch and asked readers to test password strength with an interactive tool.

The article prompted readers to enter their passwords into a special took to check their security.

It wasn’t long, however, before a number of security experts weighed in, pointing out the experiment’s flaws.

Firstly the site was not using HTTPS web encryption - the secure version of HTTP which ensures communications between browser and website are encrypted - as pointed out by Google security engineer Adrienne Porter Felt.

Once users submitted their password information it was sent to a Googledoc, leaving it open to hackers as it travelled unsecurely through the internet.

Security and privacy researcher Ashkan Soltani also pointed out that the information is shared with third parties, such as advertisers and analytics providers, who take data from CNBC.com.

CNBC have since removed the article, without comment.

Podcasts
0:00
23:13
0:00
25:0