For Years and Years it has been pounded into our heads don’t give your password to anyone but it seems when it comes to Twitter and all of the sites that access Twitters API people are more then willing to share that password for the stupidest things.
How many twitter pic sites are there? How many sites use your Twitter password to let you pick a song or sites that will give you statistical info on your account.
Well many of these sites are fairly reputable … they have been around at least as long as twitter many longer…
UStream for one has you logon to a stream with either your UStream pass which is probably a good idea or your Twitter password. If you logon with your Twitter pass then whatever you post in the chat it amplified to your twitter account in the background…. better not be watching any hot girls if your wife is following you…
Then you have sites like Yfrog which is run by ImageShack and they have been around a while. If you login with your twitter account info on yfrog your image is posted to your Twitter account but then again isn’t it just as simple to use imageshack and copy the url into your twitter post?
Its not just lazyness its total disreguard for password security.
Some sites will say … ok we have your password and promise not to use it…
But everyone knows that a site that keeps that info is making itself a target for hackers.
Maybe they can’t get into some of the better ones that have a full staff of developers but with the speed these sites are popping up who can tell what is what… and how many people really go through all the time it takes to back trace domains and find out who you are really dealing with…
This is a serious problem but … hey its only your twitter account.
Its only the thing you do to keep in touch with your friends while you are online or the tool you use to announce your business…. is it really that meaningless?
I don’t know
But it seems that Twitter may be working on a solution … some type of public and private key that users can provide to these sites. Doesn’t that sound a little like Open ID?
Anyway THINK ABOUT IT the next time you are asked to enter your password.
Do you really need to give out your password for this service or can you find another way. And if you really need to do it then remember to change your password on twitter as soon as you are done using the service. That means every time you are done the transaction.
Yes its a drag but using a 20 digit random character pass its not that hard to type in a new one.
Be safe out there people.