[hcs-d] Password PSA
gdb at hcs.harvard.edu
Thu Dec 9 20:37:15 EST 2010
What's wrong with plaintext passwords? How else will you verify the
identity of the person authenticating to you?
On Thu, Dec 9, 2010 at 5:34 PM, Joseph Tassarotti <
tassarotti at college.harvard.edu> wrote:
> Yes, they're creepy - but the more important thing to me is: are the
> students in the class aware that this is bad practice? I helped some people
> with the stock market assignment and, as Michael says, people stored
> passwords in plaintext for that. Maybe in the future the lectures should
> mention the use of bcrypt (or at least sha1). It doesn't really add that
> much complexity at all for students, so why not?
> I did notice that the CS50 wiki removed the bit about authenticating users
> using their FAS accounts, which is good.
> <-----Original Message----->
> *From: Jeremy Cushman [jscushman at gmail.com]*
> Sent: 12/9/2010 8:21:16 PM
> To: sdeshpande at college.harvard.edu
> Cc: hcs-discuss at lists.hcs.harvard.edu
> Subject: Re: [hcs-d] Password PSA
> Yeah, sites that send you back your passwords in plaintext are really
> creepy. Just noticed http://crimsonspark.com/forgotpassword.php.
> On Thu, Dec 9, 2010 at 5:56 PM, Saagar Deshpande <
> sdeshpande at college.harvard.edu> wrote:
>> Great idea. Tony and I already discovered that crimsonspark was doing this
>> and informed Malan, so we think that this would be a nice thing for people
>> to know for tomorrow.
>> On Thu, Dec 9, 2010 at 4:54 PM, Michael Chen <
>> michaelchen at college.harvard.edu> wrote:
>>> Hey all,
>>> So the CS50 Fair is tomorrow. I feel like we should send out a PSA
>>> warning people against foolishly putting their usual username/password
>>> combos into CS50 projects. I know it's frowned upon to use common passwords
>>> across accounts anyway, but I'm pretty sure many projects will be storing
>>> passwords in plaintext (as that's what they did for one of their psets).
>>> hcs-discuss mailing list
>>> hcs-discuss at lists.hcs.harvard.edu
>> hcs-discuss mailing list
>> hcs-discuss at lists.hcs.harvard.edu
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the hcs-discuss