One of the biggest challenges and problems within the Twitter ecosystem in recent months has been the growing uneasiness among the Twitterati about giving third-party services their usernames and passwords.
It has meant that many interesting services have gone undiscovered or unexplored simply because Twitter users refuse to give away their passwords. This is a shame because there are many great services being developed by honest people that don’t stand much of a chance of gaining traction.
The good news, however, is that help is on the way. Twitter has been spending a lot of time working on a new security solution based on OAuth, an open-source protocol that allows for secure API authorization. In short, it means you can use a universal ID to use third-party applications rather than handing over your username and password; it means substituting an application key and a token in place of your username and password.
In theory, it’s a fantastic concept because it would be a huge boost to security, and make remembering usernames and passwords a far less cumbersome process. It would also let third-party applications easily tie into the system.
In a major step forward, Twitter has launched a closed beta for developers to create and manage an unlimited number of OAuth applications. Here’s hoping the process can move from closed beta to launch soon.
For an in-depth look at what Twitter is doing, ReadWriteWeb (which continually provides great perspective) has a long post.
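To make "an application key and a token in place of your username and password" concrete, here is an added example (not code from Twitter or from this post) that builds a password-carrying Basic header next to a signed OAuth header. It assumes the OAuth 1.0 HMAC-SHA1 signature method, which the post does not specify; the URL, keys, secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay literal.
    return quote(str(s), safe="-._~")

def basic_header(username, password):
    # Password model: the third party stores the real password and sends it,
    # merely base64-encoded, with every request.
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def signature(method, url, params, consumer_secret, token_secret):
    # Base string = METHOD & encoded URL & encoded, sorted parameter string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    base = "&".join([method.upper(), pct(url),
                     pct("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_header(method, url, body, consumer_key, consumer_secret,
                 token, token_secret, nonce, timestamp):
    # Token model: the key and token identify app and grant; the two secrets
    # only key the HMAC and are never transmitted.
    oauth = {"oauth_consumer_key": consumer_key, "oauth_token": token,
             "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": timestamp,
             "oauth_nonce": nonce, "oauth_version": "1.0"}
    oauth["oauth_signature"] = signature(method, url, {**oauth, **body},
                                         consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

def verify(method, url, body, header, consumer_secret, token_secret):
    # Service side: recompute the signature from its own copy of the secrets.
    # (A real service also rejects stale timestamps and reused nonces.)
    fields = (p.split("=", 1) for p in header[len("OAuth "):].split(", "))
    oauth = {k: unquote(v.strip('"')) for k, v in fields}
    sent = oauth.pop("oauth_signature")
    expected = signature(method, url, {**oauth, **body}, consumer_secret, token_secret)
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    # Constructed sample values; the URL is a placeholder, not a real endpoint.
    url, body = "https://api.example.com/statuses/update", {"status": "hello world"}
    print(basic_header("alice", "hunter2"))
    hdr = oauth_header("POST", url, body, "app-key", "app-secret",
                       "user-token", "token-secret", "n0nce", "1234567890")
    print(hdr, verify("POST", url, body, hdr, "app-secret", "token-secret"))
```

Because the service checks the signature against the token secret it issued, revoking that one token cuts off a single application without the user changing their password.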




5 Comments
I don't know how they got away with this for so long… I have never used any Twitter app that requires a password and I would never develop one that would ask for a user's password either.
To me, it's been a necessary evil to hand over my username and password if I want to try/use most Twitter-related services. That said, I've changed my PW a lot recently.
Just wanted to clarify something about what you said. OAuth is not about using a "universal ID to use third-party applications". Instead, it's merely about substituting an application key and a token in place of your username and password. OpenID is more about a universal ID — so OAuth and OpenID are complementary.
An easier way to think about this is that OAuth is about what you can do, whereas OpenID is about who you are.
Chris,
Thanks for the clarification.
cheers, Mark
I just love the comparison on the OAuth webpage:
Imagine that OpenID is like your car key: you have to be at the website to log in. OAuth is like a valet key: you can hand to a website to operate on your behalf, even when you're not there. ^^