CNBC taught a horribly botched lesson in password safety

CNBC taught a horribly botched lesson in password security

Lichtmeister Images Productions e.U. by way of Getty Pictures

CNBC simply discovered a tough, exhausting lesson about password safety. The information outlet posted (and promptly took down) an article on the topic whose centerpiece was a “how robust is your password?” textual content entry field that, if something, was a basic instance of how not to handle these all-essential logins. For a begin, Google’s Adrienne Porter Felt observed that the field despatched your password unencrypted, guaranteeing that any snoop might intercept it and check it towards your actual accounts. To make issues worse, others found that the location despatched the password to not only a Google Docs spreadsheet, however to a number of third events — when CNBC stated “no passwords are being saved,” it was flat-out incorrect.

Issues would not have gone properly even when the textual content subject was hermetic. The software appeared to underestimate how lengthy it might take to crack passwords, probably lulling you right into a false sense of safety. In equity, CNBC is conscious of what occurred and is spending time enhancing the software. The actual query is why the preliminary model did not seem to get critical scrutiny earlier than it went reside — if you are going to educate the general public concerning the worth of excellent safety, that you must apply what you preach.

apprehensive about safety? enter your password into this @CNBC web site (over HTTP, natch). what might go incorrect pic.twitter.com/FO7JYJfpGR

— Adrienne Porter Felt (@__apf__) March 29, 2016