Don't give your twitter password out!

Posted by Roy Hooper Tue, 28 Jul 2009 18:18:00 GMT

Today, a number of tweets showed up for twitviewer.net.  I haven’t been able to load that site, so I can’t comment on what it’s about, but it reminded me of something I recently helped with at work.

There is no need for application developers who integrate with Twitter to ask for your password any more.  Just say no!  If you encounter a site or software that asks for your Twitter username and password, refer them to the Sign in with Twitter documentation.

Sign in with Twitter uses OAuth, "An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications."  The main thing to note about OAuth is that you authorize applications to use Twitter at twitter.com instead of within the application/website, so the application never sees your password.

Here at work, we use Twitter’s OAuth to allow users to post a status update when they make a new travel blog entry.  Here are screenshots of the authorization process:

First I click "Sign in with Twitter":


Then I click Allow:

That’s it!  I get returned to the site I was on before, and it’s authorized to interact with my account as described above.

For a desktop application, the process differs slightly.


With Adium 1.4 beta, you start by initiating the process in your desktop program, which opens a browser.  Here are the first two steps:

Next, you get shown an access code that you need to type into the desktop application to complete the process.  The one you’re seeing here is no longer valid.


Another important point: you can revoke an application’s access without having to change your password, and authorized applications stay authorized even if you do change your password.
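To show what "authorized to interact with my account" and "revoke access" look like in practice, here is an added example (not code from this post, Twitter, or Adium) of OAuth 1.0a HMAC-SHA1 request signing per RFC 5849, which is the signature method Twitter used: the application signs each API call with the token it was issued when the user clicked Allow, and the server only needs to drop that token to cut the application off. The API URL, keys, nonce and timestamp are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def _enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, oauth_params, body_params=None):
    """Build the RFC 5849 section 3.4.1 signature base string for one request."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = list(parse_qsl(parts.query, keep_blank_values=True))
    pairs += list(oauth_params.items()) + list((body_params or {}).items())
    encoded = sorted((_enc(k), _enc(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])

def _hmac_sha1(base, consumer_secret, token_secret):
    # Signing key = the two secrets the application holds; the password is never involved.
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def sign_request(method, url, consumer, token, nonce, timestamp, body_params=None):
    """Client side: oauth_* parameters for one API call, incl. the HMAC-SHA1 signature.
    `consumer` and `token` are (identifier, secret) pairs; `token` is the per-user access
    token the application received after the user clicked Allow on twitter.com."""
    oauth_params = {
        "oauth_consumer_key": consumer[0], "oauth_token": token[0],
        "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce, "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, oauth_params, body_params)
    oauth_params["oauth_signature"] = _hmac_sha1(base, consumer[1], token[1])
    return oauth_params

def verify_request(method, url, received, consumer_secret, token_store, body_params=None):
    """Server side: recompute the signature with the token secret on file. Revoking an
    application just deletes its token from `token_store` (a constructed stand-in for the
    server's token database): its requests then fail here and the password is untouched."""
    token_secret = token_store.get(received.get("oauth_token"))
    if token_secret is None:
        return False
    unsigned = {k: v for k, v in received.items() if k != "oauth_signature"}
    base = signature_base_string(method, url, unsigned, body_params)
    expected = _hmac_sha1(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), received.get("oauth_signature", "").encode())
```

Note that a real client also has to fetch a request token, send the user to the authorize page (or show the PIN step for a desktop app) and exchange the verifier for the access token first; this block only covers what happens on every call after that.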


So go convince your favorite website or twitter application to switch now!