Sometimes the best lessons happen in public and are based on our mistakes. Take a look at the series of errors made by CNBC in collecting passwords from their online readers. The commentary is a bit wild, but I think the passion shows the level of expectation placed on such a reputable business.
When someone entered a password into the text box and hit the button, a lot more was going on than a test. The password was being sent over the site’s HTTP (unencrypted) connection to CNBC’s third-party partners, such as ScorecardResearch and SecurePubAds (DoubleClick).
After posting the findings on Twitter, a researcher who works on Let’s Encrypt (free, easy HTTPS for websites) joined the dogpile. He added that — inexplicably — CNBC was also saving the passwords to a Google Docs spreadsheet when the user hit “submit.”