CNBC just made a huge mistake with its password security tool

Jim Henderson/Wikimedia
Supposedly, those who can’t do, teach, but when it comes to password protection, CNBC apparently can’t do either. In a massive security failure, a CNBC columnist attempted to drive a point home regarding password strength, but instead shared participants’ passwords with third-party marketers. So if you entered your password into CNBC’s supposedly protected tool, you may want to consider changing your codes.

It all started with a well-intentioned CNBC article in The Big Crunch, which included an interactive tool that would test the security of readers’ passwords. Once you entered your chosen string, the site determined how common your password was, how long and varied the characters involved were, and ultimately, how secure it was. The problem, however, was that no matter how secure your password may have been before you submitted it, CNBC then proceeded to share it (unbeknownst even to the company, it would seem).

The article (and faulty tool) has since been taken down in acknowledgement of the huge oversight in security practices. Adrienne Porter of Google initially pointed out that your password was sent through the CNBC site unencrypted, which means that anyone could’ve intercepted it at just about any point. And worse yet, while CNBC insisted that “no passwords are being stored,” that was a lie. In fact, your password was sent not only to a Google spreadsheet, but also to over 30 third parties including advertisers and analytics providers.

Needless to say, people were not pleased with these significant failures, and Twitter users were almost immediately up in arms. As independent security and privacy researcher Ashkan Soltani tweeted, “This is a story of exactly what *NOT* to do when trying to educate users about password security.”

Oh, and by the way, the tool was apparently also providing incorrect information as to the actual security of your password. But honestly, that’s probably the least of CNBC’s concerns at this point.


Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.

How to use iOS 12’s Passwords and Accounts tool to autofill passwords

Keeping track of all your passwords and accounts can be a real chore. If you use an iPhone with iOS 12, then you don't have to. Here's how to use iOS 12's own password manager to autofill passwords.

Having trouble logging in? Here's how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.
Social Media

Nearly a million Facebook users followed these fake Russian accounts

Facebook purged two separate groups behind more than 500 fake accounts with Russian ties. One group had ties to Russian news agency Sputnik, while the other had behavior similar to the Internet Research Agency's midterm actions.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.
Smart Home

Amazon Prime members number more than 100 million in the U.S., survey says

Consumer Intelligence Research Partners estimated there were 101 million U.S. Amazon Prime members as of December 31, 2018. Last April, CEO Jeff Bezos wrote there were more than 100 global million Prime members.

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.