Comments on: Stop Sharing Your Twitter Credentials

By: BeatTweet

BeatTweet — Sat, 25 Apr 2009 09:35:02 +0000

Heavy Heavy stuff!

By: Twitpay: Geld senden über Twitter » Frank Helmschrott

Twitpay: Geld senden über Twitter » Frank Helmschrott — Fri, 19 Dec 2008 07:30:48 +0000

[...] Wer sich Twitpay mal anschauen will findet die Seite sowie Links zum Twitpay-Blog und Twitter-Account auf twitpay.me. Im Twitpay-Blog gibt’s auch einen interessanten Beitrag zum Thema Login-Daten von Twitter weitergeben. [...]

By: Change your passwords right now! « Lady with a Hat

Change your passwords right now! « Lady with a Hat — Wed, 17 Dec 2008 23:59:38 +0000

[...] 17, 2008 by brain Okay, maybe read this article first. It’s a bit long & involved, but the basic message [...]

By: On Message with Ben Gross » Blog Archive » New and noteworthy in passwords and security

Tue, 16 Dec 2008 22:14:50 +0000

[...] Stop Sharing Your Twitter Credentials: A post Twitpay blog about the problems and hazards of providing your Twitter username and password combination to 3rd party services that add functionality to twitter. To be fair many other large online services have similar problems, the problem is compounded by the fact that Twitter does not yet have its own secure or delegated authentication or authorization mechanisms. [...]

By: Micah

Micah — Sun, 14 Dec 2008 15:05:37 +0000

Since the problem lies with the developers and not the end users, that’s where we need to apply pressure. Perhaps it’s time to start some sort of petition or seal of approval.

A small-time developer pledges not to ask for usernames/passwords in the manner you’re describing here, and instead promises to only use OAuth-style authentication. For small guys, that’s enough to get on the in-list.

For big-time sites like Facebook and MySpace, we put pressure on them and try to embarrass them (in blog posts like this) as weak or lax on security until they’re forced to comply as well.

It probably would end up doing nothing, but might garner them some bad press.

By: Top Posts « WordPress.com

Top Posts « WordPress.com — Fri, 12 Dec 2008 00:14:40 +0000

[...] Stop Sharing Your Twitter Credentials This post is mainly a response to this: [...] [...]

By: gregburrus

gregburrus — Thu, 11 Dec 2008 19:39:13 +0000

Great article – this definitely needs to be resolved. I for one did not think about it at that level so forewarned is fore armed so this article served its purpose.

However the solution I suspect is a long way off meaning getting all the software developers to use it once the solution has been found.

I like most people love technology and the ease of use pf the web but it seems the solution is people and that is never good. As most people never think security til a problem occurs.

By: Daniel Hepper

Daniel Hepper — Thu, 11 Dec 2008 17:44:56 +0000

@Huh: it’s not the Twitter account itself, it is the password.

The common practice of having the same password for several services, say Twitter, Email and Ebay, is irresponsible by the user.

But encouraging the user to share these credentials (e.g. to read the address book) is irresponsible by the service.

By: Huh

Huh — Thu, 11 Dec 2008 03:06:49 +0000

Steal some my information and identity through twitter – HUH? It’s all public on Twitter .. who I am ..what i think ..what I do… a link to my website with further about me.

This is how it is for many many others – yet i should say zero enter their social security in any social site minus a bank or govt site.

Unable to follow your steal identity comment – maybe you can elaborate?

By: dbrown26

dbrown26 — Wed, 10 Dec 2008 20:13:45 +0000

Ranga, I agree, you will definitely slow them down. The bigger problem is that your average user has simply never heard of anything like pwdhash and has no idea how to use it or what it does. Real security is as much about practicality as it is about technology.