Twitter… About Password Security & OAuth

People sharing Twitter passwords with rogue friend apps has been a problem for a few years – I have written quite a few posts warning people of the dangers of sharing passwords with insecure apps, and have also been critical of giant social networks continuing the practice of scraping data from other services using standard password authentication.

Viral Tell-A-Friend That's Safe For Your Granny or CEO

I have been ranting and raving about insecure viral Tell-A-Friend scripts for over a year, and it seemed like I was just talking to a brick wall.

Now in the space of just a week I have been able to highlight a solution based upon one of my own blog posts that uses a slightly ghetto, but K.I.S.S method to achieve extremely effective viral tell-a-friend functionality, and now I want to mention another more sophisticated solution.

Twitter Security Hypocrisy

If Twitter were really serious about the dangers of sharing access to Gmail accounts, and thus their personal documents on Google Apps, they wouldn’t continue to encourage people to hand over their email passwords just to tell their friends about Twitter or find existing friends on the service.