• 03.30.16

CNBC’s password security lesson backfired spectacularly

Here are some things a website should NOT do when offering a “test your password strength” submission box.

• Fail to use HTTPS web encryption

• Send all submitted passwords to a Google doc

• Share those passwords with dozens of third parties

CNBC made all of these mistakes in a recent well-intentioned password security article, which it has now taken down. Props to Google security engineer Adrienne Porter Felt for spotting the trouble. RP