CNBC Password Tutorial Exposed Users' Passwords

by NewsEditor_ on March 31st, 2016 in Industry and Security News.

This week an article on CNBC’s Big Crunch blog attempted to promote password security but ended up compromising user passwords. Entitled “Apple and the Construction of Secure Passwords,” the article offered users an opportunity to test their passwords for complexity. Users were encouraged to create passwords using a combination of upper- and lower-case letters, numbers, and symbols to make them harder to crack.

The tool, which purported to test a password’s complexity, attempted to tell users how long it would take a hacker to crack their password. It turned out that the tool was insecure, stored users’ passwords, and transmitted the passwords to CNBC’s advertising partners.

Soon after the article was published, a number of online security experts weighed in. Adrienne Porter Felt, a member of the Google Chrome security team, pointed out that the password was transmitted without basic encryption. This could have allowed another user on the same network to view the password as it was sent in clear text.

According to Ashkan Soltani, a privacy and security researcher, the password form also transmitted user passwords to CNBC’s advertising partners including Google’s advertising service and comScore, an online marketing company.

Kane York, a programmer and member of the Let’s Encrypt project, analyzed the traffic from the CNBC article and discovered that the passwords being submitted were being stored in a Google Docs document without the user's knowledge.

CNBC promptly pulled the article from their website without a follow-up or explanation. The article did make a good point about password security, though inadvertently. You should never use a single password across all your accounts: doing so greatly increases your chances of being compromised in a hack or data breach, as attackers would gain access to more than one of your services at a time. Also, never provide your password to a third party, whether for research, for testing, or because they offer you magic beans.
