[hcs-d] Important password security information
jscushman at gmail.com
Thu Dec 9 20:05:53 EST 2010
And actually, perhaps the third one (Never log in to any website when you
don't see https:// in the address bar) is too strong; the important part is
that it's submitted to a page that uses https, but I wasn't sure quite how
to explain that.
On Thu, Dec 9, 2010 at 8:02 PM, Jeremy Cushman <jscushman at gmail.com> wrote:
> Here's a password security PSA; it would be awesome if we could get this
> out to all the house/dorm lists tonight! Obviously substitute in the house
> name and your name at the bottom :-)
> Feel free to tweak it around too if you'd like.
> Hey [housename],
> Every year at the CS 50 fair, hundreds of students demo their great new web
> apps to the Harvard community. While you should definitely try out as many
> sites as possible, to be safe, you should:
> - *Never* use an important password to register for any student's website.
> Always assume that any password you type might be seen by the site creator.
> - *Never* give your FAS, @college, Gmail, Facebook or password to a
> student's website unless you're at the familiar PIN authentication page or
> logging in through the familiar Gmail or Facebook login pages.
> - *Never* log in to any website when you don't see https:// in the address
> - Be aware that by logging into your Facebook or Google accounts at the
> fair you are very vulnerable to Firesheep and account hijacking.
> Enjoy the fair!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the hcs-discuss