Skip to main content

CNBC just made a huge mistake with its password security tool

Supposedly, those who can’t do, teach, but when it comes to password protection, CNBC apparently can’t do either. In a massive security failure, a CNBC columnist attempted to drive a point home regarding password strength, but instead shared participants’ passwords with third-party marketers. So if you entered your password into CNBC’s supposedly protected tool, you may want to consider changing your codes.

It all started with a well-intentioned CNBC article in The Big Crunch, which included an interactive tool that would test the security of readers’ passwords. Once you entered your chosen string, the site determined how common your password was, how long and varied the characters involved were, and ultimately, how secure it was. The problem, however, was that no matter how secure your password may have been before you submitted it, CNBC then proceeded to share it (unbeknownst even to the company, it would seem).

Recommended Videos

The article (and faulty tool) has since been taken down in acknowledgement of the huge oversight in security practices. Adrienne Porter of Google initially pointed out that your password was sent through the CNBC site unencrypted, which means that anyone could’ve intercepted it at just about any point. And worse yet, while CNBC insisted that “no passwords are being stored,” that was a lie. In fact, your password was sent not only to a Google spreadsheet, but also to over 30 third parties including advertisers and analytics providers.

https://twitter.com/bennyfactor/status/714897608909697024?ref_src=twsrc%5Etfw

Needless to say, people were not pleased with these significant failures, and Twitter users were almost immediately up in arms. As independent security and privacy researcher Ashkan Soltani tweeted, “This is a story of exactly what *NOT* to do when trying to educate users about password security.”

Oh, and by the way, the tool was apparently also providing incorrect information as to the actual security of your password. But honestly, that’s probably the least of CNBC’s concerns at this point.

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Is LastPass safe? Here’s what we know about its security history
LastPass website on a laptop.

LastPass has been in the news quite a bit over the past decade. Following some data breaches and security incidents, you may be wondering if it’s now safe to use the well-known password manager -- whether you’re a previous, current, or potential LastPass user.

Let’s take a look at LastPass’ current features and security measures along with the previous incidents.
What is LastPass?

Read more
Airbnb just made a big decision on cameras inside properties
The Airbnb logo superimposed over a rental property.

Airbnb announced on Monday that it is banning the use of indoor security cameras in its listed properties globally.

It said it was making the move as part of efforts to simplify its policy on security cameras and other devices and " continue to prioritize the privacy of our community.”

Read more
Windows may have a serious security problem on its hands
A finger pressing on a fingerprint reader on a laptop.

The premier sensors enabling Windows Hello fingerprint authentication are not as secure as manufacturers had hoped. Researchers have discovered security flaws in a number of fingerprint sensors used in several laptops that work with the Windows Hello authentication feature.

Security researchers at Blackwing Intelligence have uncovered that laptops made by Dell, Lenovo, and Microsoft can have their Windows Hello fingerprint authentication bypassed easily due to vulnerabilities in the sensors that can cause them to be taken over by bad actors at the system level.

Read more