
Twitter has problems. Or Twitter users have problems. It depends on how you see things. Not only were passwords sold together with a Twitter application (see my recent post on the topic), but users also got phished and the accounts of some celebrities got hacked. Really bad news!
Now people think Twitter needs better authorization methods for third-party applications and demand an OAuth implementation. Even a website was launched: "Please, Twitter, Implement OAuth Now!" Indeed, OAuth is a solution, and it's great that more people feel the need for safer authorization. While it is a noble initiative, I feel a little bit uncomfortable when I see blind retweets of the message on Twitter. Basically, there are two reasons:
- OAuth didn't prevent the recent phishing and hacking attacks. To quote Twitter co-founder Biz Stone:
  "We plan to release a closed beta of the open authentication protocol, OAuth this month but it's important to note that this would not have prevented a Phishing scam nor would it have prevented these accounts from being compromised. OAuth is something we can provide so that folks who use third party applications built on the Twitter API can access their data while protecting their account credentials."
- While you could argue that Twitter somehow encouraged users to give away their passwords to third-party sites, we should not forget that the users themselves helped get their accounts compromised. For convenience's sake or a tiny feature (by the way, did any of those people request those features from Twitter?), some of the self-proclaimed internet elite were happily passing their passwords to other sites. Not just once, but many times.
I am 100% pro-OAuth on Twitter, but users have to think about what they do on the web and whom they trust. OAuth on Twitter is just a small relief for users. There are other sites and other risks as well. Think!
