An open letter to all 3rd party Twitter apps that ask for my password
Oct 18th, 2009 by masukomi

Twitter implemented OAuth* for a reason.

Seriously, you’re not getting my Twitter password. I don’t care whether you hash it or not; you’re not getting it. It looks like you’ve built a great service or tool, but I simply will not hand over access to my Twitter account that I can’t easily revoke whenever I want, or sit worrying that some web site will lock me out of my own account with failed login attempts using an old password I gave it.

Do you realize what a horrible security practice you’re promoting by encouraging people to give out their login info to any site? The fact that Twitter is typically innocuous doesn’t make it any less stupid.

In short, implement OAuth and I’ll happily use your service.

Until then: fuck you, your horrible security practices, and most especially your lazy ass developers.

Yours Sincerely,

-Me

* OAuth is that system where a site sends you to twitter and you click a button telling twitter to allow them to access your account, vs. those @#$%! sites that actually ask you for your twitter username and password.
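As an added example (not the author's code, and not Twitter's own implementation), here is what "implement OAuth" meant on the app side in 2009: signing each API call with OAuth 1.0a HMAC-SHA1 as specified in RFC 5849, which is what Twitter offered third-party apps. The app holds a consumer secret plus a per-user access token and its secret; the password never enters the picture, and the service can cut the app off the moment the user revokes that token. The consumer key, secrets, token, API URL, nonce and timestamp are constructed sample values, and the `Service` class is a toy stand-in for the provider's token store.

```python
"""Added example, not the author's code or Twitter's: signing and verifying
an API request with OAuth 1.0a HMAC-SHA1 (RFC 5849), the scheme Twitter
offered third-party apps in 2009. The app holds a consumer secret and a
per-user access token; the service can revoke that token without the user
changing a password the app never saw. All keys, secrets, tokens, URLs,
nonces and timestamps below are constructed sample values."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s):
    """RFC 5849 section 3.6: percent-encode all but the unreserved set."""
    return quote(s, safe="-._~")


def signature_base_string(method, url, params):
    """Build the signature base string from the HTTP method, the base URL
    (scheme, host, path only) and every request parameter: query string,
    form body and oauth_* fields except oauth_signature."""
    parts = urlsplit(url)
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    query = parse_qsl(parts.query, keep_blank_values=True)
    # Encode names and values, then sort by name and (for duplicates) by value.
    pairs = sorted((pct(k), pct(v)) for k, v in list(query) + list(params))
    normalized = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    """Signing key is the encoded consumer secret and token secret joined by '&'."""
    key = ("%s&%s" % (pct(consumer_secret), pct(token_secret))).encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, body_params, consumer_key, consumer_secret,
                 token, token_secret, nonce, timestamp):
    """Client side: produce the oauth_* fields for the Authorization header.
    Nothing here involves the user's password."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
    }
    base = signature_base_string(method, url, list(body_params) + list(oauth.items()))
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    return oauth


class Service:
    """Server side: a minimal token store with per-app revocation (toy stand-in)."""

    def __init__(self, consumers):
        self.consumers = dict(consumers)   # consumer_key -> consumer_secret
        self.tokens = {}                   # token -> (consumer_key, user, token_secret)

    def issue_token(self, consumer_key, user, token, token_secret):
        self.tokens[token] = (consumer_key, user, token_secret)

    def revoke(self, token):
        """What the user clicks in their settings: the app's access stops,
        and the password is untouched."""
        self.tokens.pop(token, None)

    def verify(self, method, url, body_params, oauth):
        entry = self.tokens.get(oauth.get("oauth_token"))
        if entry is None or entry[0] != oauth.get("oauth_consumer_key"):
            return False
        consumer_key, _user, token_secret = entry
        params = list(body_params) + [(k, v) for k, v in oauth.items()
                                      if k != "oauth_signature"]
        base = signature_base_string(method, url, params)
        expected = hmac_sha1_signature(base, self.consumers[consumer_key], token_secret)
        # Constant-time comparison so the signature check does not leak timing.
        return hmac.compare_digest(expected, oauth.get("oauth_signature", ""))


if __name__ == "__main__":
    svc = Service({"app-key": "app-secret"})
    svc.issue_token("app-key", "masukomi", "tok-1", "tok-secret")
    url = "https://api.example.invalid/1/statuses/update.json"
    body = [("status", "hello world")]
    hdr = sign_request("POST", url, body, "app-key", "app-secret",
                       "tok-1", "tok-secret", "nonce-1", "1255824000")
    print("valid:", svc.verify("POST", url, body, hdr))
    svc.revoke("tok-1")
    print("after revoke:", svc.verify("POST", url, body, hdr))
```

The point of the `revoke` path is the one the letter makes: the service forgets one token and that one app stops working, while every other app and the user's own login carry on, and there is no stale password anywhere to trip a lockout. A production verifier would also check the timestamp window and reject reused nonces, which this toy omits.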

[Update] I’ve been made aware of ONE Twitter web app where the developers were forced to use username/password authentication, but it was a total edge case. Their app was a helper app for a Twitter client on the iPhone, and that client didn’t offer a way for them to use OAuth in that role. So they get a free pass, and an apology from me. ;)

© Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.