[hcs-d] Important password security information

Jeremy Cushman jscushman at gmail.com
Thu Dec 9 20:05:53 EST 2010

And actually, perhaps the third one (Never log in to any website when you
don't see https:// in the address bar) is too strong; the important part is
that it's submitted to a page that uses https, but I wasn't sure quite how
to explain that.


On Thu, Dec 9, 2010 at 8:02 PM, Jeremy Cushman <jscushman at gmail.com> wrote:

> Here's a password security PSA; it would be awesome if we could get this
> out to all the house/dorm lists tonight!  Obviously substitute in the house
> name and your name at the bottom :-)
> Feel free to tweak it around too if you'd like.
> Jeremy
> ------------------------------
> Hey [housename],
> Every year at the CS 50 fair, hundreds of students demo their great new web
> apps to the Harvard community.  While you should definitely try out as many
> sites as possible, to be safe, you should:
> - *Never* use an important password to register for any student's website.
>  Always assume that any password you type might be seen by the site creator.
> - *Never* give your FAS, @college, Gmail, Facebook or password to a
> student's website unless you're at the familiar PIN authentication page or
> logging in through the familiar Gmail or Facebook login pages.
> - *Never* log in to any website when you don't see https:// in the address
> bar.
> - Be aware that by logging into your Facebook or Google accounts at the
> fair you are very vulnerable to Firesheep and account hijacking.
> Enjoy the fair!
> [name]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hcs.harvard.edu/pipermail/hcs-discuss/attachments/20101209/51cd8bfc/attachment.htm 

More information about the hcs-discuss mailing list