[hcs-d] Password PSA

Greg Brockman gdb at hcs.harvard.edu
Thu Dec 9 20:37:15 EST 2010


What's wrong with plaintext passwords?  How else will you verify the
identity of the person authenticating to you?

Greg


On Thu, Dec 9, 2010 at 5:34 PM, Joseph Tassarotti <
tassarotti at college.harvard.edu> wrote:

>  Yes, they're creepy - but the more important thing to me is: are the
> students in the class aware that this is bad practice? I helped some people
> with the stock market assignment and, as Michael says, people stored
> passwords in plaintext for that. Maybe in the future the lectures should
> mention the use of bcrypt (or at least sha1). It doesn't really add that
> much complexity at all for students, so why not?
>
> I did notice that the CS50 wiki removed the bit about authenticating users
> using their FAS accounts, which is good.
>
>
> <-----Original Message----->
> From: Jeremy Cushman [jscushman at gmail.com]
> Sent: 12/9/2010 8:21:16 PM
> To: sdeshpande at college.harvard.edu
> Cc: hcs-discuss at lists.hcs.harvard.edu
> Subject: Re: [hcs-d] Password PSA
>
> Yeah, sites that send you back your passwords in plaintext are really
> creepy.  Just noticed http://crimsonspark.com/forgotpassword.php.
>
>  On Thu, Dec 9, 2010 at 5:56 PM, Saagar Deshpande <
> sdeshpande at college.harvard.edu> wrote:
>
>> Great idea. Tony and I already discovered that crimsonspark was doing this
>> and informed Malan, so we think that this would be a nice thing for people
>> to know for tomorrow.
>>
>>  On Thu, Dec 9, 2010 at 4:54 PM, Michael Chen <
>> michaelchen at college.harvard.edu> wrote:
>>
>>> Hey all,
>>>
>>> So the CS50 Fair is tomorrow. I feel like we should send out a PSA
>>> warning people against foolishly putting their usual username/password
>>> combos into CS50 projects. I know it's frowned upon to use common passwords
>>> across accounts anyway, but I'm pretty sure many projects will be storing
>>> passwords in plaintext (as that's what they did for one of their psets).
>>>
>>> Thoughts?
>>> Mike
>>>
>>> _______________________________________________
>>> hcs-discuss mailing list
>>> hcs-discuss at lists.hcs.harvard.edu
>>> https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>>>
>>>
>