I like a right strong password just as much as anyone else . But CNBC ’s stunty idea for a putz that tested the strength of people ’s passwords is one of the stupidest things I ’ve seen in days — mayhap weeks !
A editorialist for CNBC ’s The Big Crunch tried to make amisguided level about the FBI ’s iPhone situationwith an synergistic tool that ask readers to input their password to see how good they were . The Wiley Post is now down , but if you did follow with the CNBC petition , it might be a right idea to alter your password . You shoulddo this from time to timeanyway .
The billet asked you to type your watchword into a field , hit enter , and voila ! CNBC ’s expertly coded appliance provide detailed analysis of that password , telling you whether it was strong , and if not , what was wrong with it .
I know what you ’re thinking : Come on , this was only for “ amusement and educational intent , ” as the widget intelligibly stated in official - looking italic text . What could go wrong ? Well …
Holy crap:@cnbcnow air your tryout passwd to all 3rd parties when you hit enter@__apf__https://t.co / rOQuvJ4KE2pic.twitter.com / diRjcvJ919
— ashkan soltani ( @ashk4n)March 29 , 2016
A few hoi polloi on Twitter claimed the whatchamacallit is an unsafe frame that actually submits the graphic symbol you insert into the text field to third parties . Whether they ’re good or not , you should never enroll your password into some random cyberspace cast .
Since it ’s a physique field , it reloads the page when you run into “ enter , ” changing the url and , in upshot , saving the password you just typed in .
So for example the original universal resource locator is :
http://www.cnbc.com/2025-04-26/apple-and-the-construction-of-secure-passwords.html
After you enter asdfasdf , the Sir Frederick Handley Page refreshes and the url is :
http://www.cnbc.com/2024-12-30/apple-and-the-construction-of-secure-passwords.html?name=asdfasdf
“ In theory , if there ’s someone sniffing dealings on your web , they could see these uniform resource locator being requested in plain text , and then try on sniffing on other traffic get from you that might indicate some account information , ” Pash told me . This could be as light as finding out your email address . And it would n’t be backbreaking for these ad tracker to compile a crowd of people ’s parole in their logs .
So while CNBC ’s nerveless peter is not necessarily malicious , it ’s more just sloppy . “ I ’m not sure it ’s a serious menace , ” says Pash . “ But it ’s in spades speechless . ”
It appears CNBC has agnize it ’s dim too , because this is what you get when you seek to get hold the report now :
We ’ve reached out to CNBC for comment .
Meanwhile , this cock seems totally legit .
Just ferment on my new news show app.pic.twitter.com/60Z3grWtB7
— Jeremy Bowers ( @jeremybowers)March 29 , 2016
[ CNBC ]
PasswordsSecurity
Daily Newsletter
Get the best technical school , science , and culture news in your inbox daily .
News from the future , delivered to your present .
Please select your desired newssheet and bow your email to upgrade your inbox .
You May Also Like
