[hcs-d] Important password security information
danz at fas.harvard.edu
Thu Dec 9 20:09:02 EST 2010
Wait, before this goes out, what is going to be the branding on this?
Are we just supposed to send it off as if we're individuals with our
opinions, or is this an official "HCS" warning?
On Thu, Dec 9, 2010 at 8:05 PM, Jeremy Cushman <jscushman at gmail.com> wrote:
> And actually, perhaps the third one (Never log in to any website when you
> don't see https:// in the address bar) is too strong; the important part is
> that it's submitted to a page that uses https, but I wasn't sure quite how
> to explain that.
> On Thu, Dec 9, 2010 at 8:02 PM, Jeremy Cushman <jscushman at gmail.com> wrote:
>> Here's a password security PSA; it would be awesome if we could get this
>> out to all the house/dorm lists tonight! Obviously substitute in the house
>> name and your name at the bottom :-)
>> Feel free to tweak it around too if you'd like.
>> Hey [housename],
>> Every year at the CS 50 fair, hundreds of students demo their great new
>> web apps to the Harvard community. While you should definitely try out as
>> many sites as possible, to be safe, you should:
>> - Never use an important password to register for any student's website.
>> Always assume that any password you type might be seen by the site creator.
>> - Never give your FAS, @college, Gmail, Facebook or password to a
>> student's website unless you're at the familiar PIN authentication page or
>> logging in through the familiar Gmail or Facebook login pages.
>> - Never log in to any website when you don't see https:// in the address
>> - Be aware that by logging into your Facebook or Google accounts at the
>> fair you are very vulnerable to Firesheep and account hijacking.
>> Enjoy the fair!
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
More information about the hcs-discuss