Epic fail: CNBC botches online security tutorial, asks readers for passwords

© Pawel Kopczynski
CNBC’s misguided attempt to teach readers about online security by asking them to input their passwords into a widget on the news website has put users’ information at risk.

The article “Apple and the construction of secure passwords” was published Tuesday on CNBC’s blog The Big Crunch and asked readers to test password strength with an interactive tool.

The article prompted readers to enter their passwords into a special took to check their security.

It wasn’t long, however, before a number of security experts weighed in, pointing out the experiment’s flaws.

Firstly the site was not using HTTPS web encryption - the secure version of HTTP which ensures communications between browser and website are encrypted - as pointed out by Google security engineer Adrienne Porter Felt.

Once users submitted their password information it was sent to a Googledoc, leaving it open to hackers as it travelled unsecurely through the internet.

Security and privacy researcher Ashkan Soltani also pointed out that the information is shared with third parties, such as advertisers and analytics providers, who take data from CNBC.com.

CNBC have since removed the article, without comment.