Don't Provide Your Email Password to Another Service
There’s a feature on some websites you might have seen recently. They offer to import your address book from a webmail service like Gmail and check to see which of your friends are already using their service. (Some will even spam your friends who aren’t without asking you, but that’s the subject for a whole different article on best practices.) This feature–asking for your Gmail, Hotmail, etc. password to check your address book–has become common practice on a lot of social network sites, and this is a very bad thing.
A new technology called OAuth has just made some news which will allow websites to share information like online address book contents without the need to swap passwords back and forth. This is exactly what’s needed, but it will take time for many services to evaluate and implement. Six Apart’s David Recordon wrote a good piece explaining OAuth. In the meantime, make it a practice never to type in your Gmail password anywhere but a Google site.