[hcs-d] Password PSA

Joseph Tassarotti tassarotti at college.harvard.edu
Thu Dec 9 20:34:31 EST 2010


Yes, they're creepy - but the more important thing to me is: are the
students in the class aware that this is bad practice? I helped some
people with the stock market assignment and, as Michael says, people
stored passwords in plaintext for that. Maybe in the future the lectures
should mention the use of bcrypt (or at least sha1). It doesn't really
add that much complexity at all for students, so why not?

I did notice that the CS50 wiki removed the bit about authenticating
users using their FAS accounts, which is good.


<-----Original Message----->

From: Jeremy Cushman [jscushman at gmail.com]
Sent: 12/9/2010 8:21:16 PM
To: sdeshpande at college.harvard.edu
Cc: hcs-discuss at lists.hcs.harvard.edu
Subject: Re: [hcs-d] Password PSA 

Yeah, sites that send you back your passwords in plaintext are really
creepy. Just noticed http://crimsonspark.com/forgotpassword.php.

On Thu, Dec 9, 2010 at 5:56 PM, Saagar Deshpande
<sdeshpande at college.harvard.edu> wrote:


	Great idea. Tony and I already discovered that crimsonspark was
	doing this and informed Malan, so we think that this would be a nice
	thing for people to know for tomorrow.

	On Thu, Dec 9, 2010 at 4:54 PM, Michael Chen
	<michaelchen at college.harvard.edu> wrote:
	

		Hey all,

		So the CS50 Fair is tomorrow. I feel like we should send out a
		PSA warning people against foolishly putting their usual
		username/password combos into CS50 projects. I know it's frowned
		upon to use common passwords across accounts anyway, but I'm
		pretty sure many projects will be storing passwords in plaintext
		(as that's what they did for one of their psets).

		Thoughts?
		Mike

		_______________________________________________
		hcs-discuss mailing list
		hcs-discuss at lists.hcs.harvard.edu
		https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
		
		



	
	


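As an added illustration of the storage practice discussed in this thread (not code from any poster or from CS50): a user table that keeps a per-user salt and a slow salted hash instead of the plaintext password, compared with an unsalted SHA-1 digest. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of the bcrypt mentioned above; the function names, iteration count and sample credentials are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune so one hash costs roughly 100+ ms


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' for storage; the plaintext is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def unsalted_sha1(password: str) -> str:
    """Fast, unsalted digest shown only for comparison."""
    return hashlib.sha1(password.encode()).hexdigest()


def demo() -> dict:
    # Constructed sample: two users who picked the same password.
    users = {"alice": "hunter2", "bob": "hunter2"}
    table = {name: hash_password(pw) for name, pw in users.items()}
    return {
        "login_ok": verify_password("hunter2", table["alice"]),
        "wrong_rejected": not verify_password("hunter3", table["alice"]),
        # Per-user salts make equal passwords look different in the table...
        "salted_rows_differ": table["alice"] != table["bob"],
        # ...while an unsalted digest reveals that the two users share a password.
        "sha1_rows_match": unsalted_sha1("hunter2") == unsalted_sha1(users["bob"]),
        "plaintext_in_table": any("hunter2" in row for row in table.values()),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because only the salt and hash are stored, a forgot-password page built on this table cannot e-mail the old password back and has to issue a reset instead.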