Coming Soon: No More Passwords Giveaways!

One of the biggest challenges and problems within the Twitter ecosystem in recent months has been the growing uneasiness amount the Twiterrati to give third-party services their usernames and passwords.

It has meant that many interesting services have gone undiscovered or unexplored simply because Twitters users refuse to give away their passwords. This is a shame because there are many great services being developed by honest people that don’t stand much of a chance of gaining traction.

The good news, however, is help is on the way. Twitter has been spending a lot of time working on a new security solution based on OAuth, an open-source protocol that allows for secure API authorization. In short, it means you can use a universal ID to use third-party applications rather than handing over your username and password, it means substituting an application key and a token in place of your username and password.

In theory, it’s a fantastic concept because it would be a huge boost to security, and make remembering username and passwords a far less cumbersome process. It would also let third-party applications easily tie into the system.

In a major step forward, Twitter has launched a closed beta for developers to create and manage an unlimited number of OAuth applications. Here’s hoping the process can move from closed beta to launch soon.

For an in-depth look at what Twitter is doing, ReadWriteWeb (which continually provides great perspective) has a long post.

Be Sociable, Share!
This entry was posted in Twitter and tagged , , . Bookmark the permalink. Both comments and trackbacks are currently closed.

5 Comments

  1. Posted January 25, 2009 at 5:41 am | Permalink

    I don't now how they got away with this for so long… I have never used any twitter app that requires password and I would never develop one that would ask for users password either.

  2. Posted January 25, 2009 at 12:45 pm | Permalink

    To me, it's been a necessary evil to hand over my username and password if I want to try/use most Twitter-related services. That said, I've changed my PW a lot recently. :)

  3. Posted January 25, 2009 at 9:52 pm | Permalink

    Just wanted to clarify something about what you said. OAuth is not about using a "universal ID to use third-party applications". Instead, it's merely about substituting an application key and a token in place of your username and password. OpenID more about a universal ID — so OAuth and OpenID are complementary.

    An easier way to think about this is that OAuth is about what you can do, whereas OpenID is about who you are.

    • Posted January 25, 2009 at 10:13 pm | Permalink

      Chris,

      Thanks for the clarification.

      cheers, Mark

  4. Posted February 3, 2009 at 1:58 pm | Permalink

    I just love the comparison on the OAuth webpage:

    Imagine that OpenID is like your car key: you have to be at the website to log in. OAuth is like a valet key: you can hand to a website to operate on your behalf, even when you're not there. ^^

Sign Up For My Weekly Startup Newsletter
  • A curated selection of top-notch startup content
  • Focused on operations, finance, marketing & sales
  • Delivered every Saturday morning
  • Get a free e-book on 118 of the best digital marketing tools
Thanks for visiting Twitterrati. This blog is no longer being updated. I am writing on a regular basis about startup marketing at markevans.ca/blog/