CNBC tried and disastrously failed to give regular Internet users a lesson about the importance of password security and password strength. While trying to explain how the FBI can brute-force an iPhone PIN by trying out all possible combinations, CNBC wanted to show you how fast your password could be cracked by using this relatively simple procedure (here’s an archived version of the article). To do it, you had to enter a password that you regularly use, and CNBC would tell you how safe it is. But here’s where the trouble started.
— Adrienne Porter Felt (@__apf__) March 29, 2016
First of all, CNBC asked you to send it your password over an unencrypted connection, which means that hackers snooping on your Wi-Fi traffic could intercept it and then try it on any online account you might have. Then, CNBC actually stored the passowrds in a free-to-read form using Google Docs. If that’s not enough, Motherboard also says CNBC shared your test password with all third parties it works with.
First discovered by Google security engineer Adrienne Porter Felt,CNBC’s massive blunder became the joke of security experts on Twitter.
— ashkan soltani (@ashk4n) March 29, 2016
It goes without saying that if you read this particular article and gave it one of your passwords, you should change that password right now. Additionally, you should make sure you have unique and hard-to-guess passwords for each Internet service you use. Thirdly, you should consider changing your passwords every once in a while. Finally, using a password manager to keep track of all you passwords is also advisable.
If you’re looking for real tips on password strength, you could check out this hilarious comic from xkcd that teaches you everything you need to know about password strength, password length, and brute-forcing.