1. Twitter users give any odd site their Twitter username and password.
2. Twitpay and Twitter now have the ability to pay other Twitter users via simple tweets.
So all someone has to do is create a Twitter app that collects usernames and passwords for 10,000 users and randomly starts paying themselves. What could go wrong?
Twitpay doesn't let you link it with a credit card or anything. You have to authorize the paypal payment anytime you want to add money to it, so the only money someone could take that way is the money you leave in your account.
I'm actually working on a Twitter app that needs passwords that's soon to launch (http://tweetlinkmonster.com/ if you want to see. You can sign up if you want; it works and is secure. I just want to polish before really launching.)
For now I take people's passwords (I don't have much choice. I need to get someone's friends timeline.)
I'll probably go ahead with that for now, but I'd love to do OAuth when Twitter releases it.
But I'll probably go ahead with the current plan for now.
The issue is that there are many Twitter apps (mine, twitpic) that have no choice but to take passwords.
Twitpay can get away with it, but anything that needs to tweet for the user or get the user's tweets has no option until Twitter adds OAuth.
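To make the OAuth alternative concrete, here is an added example (not code from this thread, from Twitter, or from any of the apps mentioned) of how a client tweets or reads a timeline for a user with OAuth 1.0a credentials (RFC 5849, HMAC-SHA1) instead of a stored password. The app holds a consumer key/secret and a per-user access token/secret; the secrets only ever enter an HMAC key and never go on the wire, and the service can revoke one token without the user changing anything. The endpoint URL, keys, tokens, nonce and timestamp are constructed placeholders.

```python
# Added example, not code from the thread or from any Twitter client.
# Signs an API request the OAuth 1.0a way (RFC 5849, HMAC-SHA1): the app
# holds a consumer key/secret and a per-user access token/secret, and the
# server can revoke the token without the user changing a password.
# Endpoint, keys, tokens, nonce and timestamp are constructed placeholders.
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed credentials for the example (never real ones).
CONSUMER_KEY = "app-key-example"
CONSUMER_SECRET = "app-secret-example"
ACCESS_TOKEN = "user-token-example"
ACCESS_TOKEN_SECRET = "user-token-secret-example"


def _enc(s):
    # RFC 5849 section 3.6: percent-encode everything but A-Z a-z 0-9 - . _ ~
    return quote(s, safe="-._~")


def signature_base_string(method, url, params):
    """Canonical string both client and server sign (RFC 5849 section 3.4.1).

    Query-string pairs from `url` are folded in with the oauth_* and
    form parameters; a pre-existing oauth_signature is ignored.
    """
    parts = urlsplit(url)
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    pairs = list(parse_qsl(parts.query, keep_blank_values=True))
    pairs += [(k, v) for k, v in params.items() if k != "oauth_signature"]
    # Encode first, then sort by name and value, then join with = and &.
    normalized = "&".join(
        "%s=%s" % kv for kv in sorted((_enc(k), _enc(v)) for k, v in pairs)
    )
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string; the secrets never leave this key."""
    key = ("%s&%s" % (_enc(consumer_secret), _enc(token_secret))).encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def oauth_params(nonce, timestamp):
    return {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_token": ACCESS_TOKEN,
        "oauth_version": "1.0",
    }


def authorization_header(params):
    """Client side: the oauth_* parameters (signature included) as an Authorization header."""
    return "OAuth " + ", ".join(
        '%s="%s"' % (_enc(k), _enc(v))
        for k, v in sorted(params.items()) if k.startswith("oauth_")
    )


def verify(method, url, params, consumer_secret, token_secret):
    """Server side: recompute and compare in constant time.

    A real server would also reject stale timestamps and replayed nonces.
    """
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))


def sample_request(url="https://api.example.net/1/statuses/home_timeline.json?count=20"):
    """Build a signed GET for a hypothetical 'friends timeline' endpoint."""
    params = oauth_params(nonce="abc123", timestamp="1240000000")
    params["oauth_signature"] = sign("GET", url, params, CONSUMER_SECRET, ACCESS_TOKEN_SECRET)
    return url, params, authorization_header(params)


if __name__ == "__main__":
    url, params, header = sample_request()
    print("Authorization:", header)
    print("verifies:", verify("GET", url, params, CONSUMER_SECRET, ACCESS_TOKEN_SECRET))
```

The point for the "we have no choice" argument: the app's database holds token secrets that only work for this app's consumer key and can be revoked server-side, so a leaked table does not hand an attacker the user's Yahoo Mail login.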
With every Twitter account I feel like squatting on (and, oh, btw, yes, everyone does it), I create a not-too-close Gmail account for use with just that Twitter account (for verification), and use that to test the 3rd-party apps that "must" have your Twitter creds in order to work. What I have found, by trial and error, is that over half of ALL the currently available (and some beta) 3rd-party apps work PERFECTLY WITHOUT any signup or Twitter cred. So why do THOSE particular 3rd-party apps need the info? I doubt they need it for future growth of the app or "extra features" later.
You're sidestepping the point of the article. Ivan Kirigin is not going to get screwed over by a website that asks for his Twitter password. But my mom might, because it is extremely likely that one of these fly-by-night Twitter add-on apps will lose their database to some stupid SQLI bug. My mom almost certainly uses the same password for Twitter and Yahoo Mail.
Moreover, each app that asks for passwords for another service adds social proof that this is how we build applications. It isn't.
I agree 100% that asking for passwords is a very bad practice, and users shouldn't be trained to do it. They should fix it immediately.
I suppose people could stick to twitter.com and SMS, but to me, the de facto Twitter world has clients. They are important. I want people to use them. Give your password to sites you trust, Mom.
The next blog post will be about how you can do almost everything without "being evil". There are other ways to get the information or behaviors you seek without requiring external logins. Twitter clients are entirely different animals, as the credentials are stored individually in many different places (phones and PCs). Hackers look for large, easy targets, like a web site's database or server logs that contain lots of info; they don't do individual hacks by and large because the ROI is just not high enough. Not saying that it's not a risk, just that the risk is MUCH smaller.
That's a good point. OAuth would at least centralize the problem towards a more trusted source and limit the number of places the credentials would be stored. I trust Google or Facebook to have more safeguards in place than a webapp that popped up yesterday. As for password managers, I totally agree people should use them, but as a practical matter, most non-tech people do not.
I certainly don't trust them to control all my logins. But my level of trust for them is much higher than for most in terms of their ability to secure their databases and applications. I use different levels of passwords, depending on the type of site: nytimes.com < gmail.com < bankofamerica.com. I have tried to use a password manager, and am currently trying one out on Safari, but the use of many computers makes it difficult.
For a huge percentage of all Internet users, a Google or Yahoo compromise is game-over; they're going to lose their bank account, and then their social, and their identity (if they lose the lottery). So centralizing on Google or Yahoo is a sensible plan.
As for your cautionary tale, I'm pretty familiar with the players here, axod. Why don't you tell us?
Google shut off my account for a week and I lost access to everything Google controls: AdSense, AdWords, Gmail, Google Code, YouTube, Blogger, Google Apps, Google for Domains, etc., etc. They shut it off because "Someone tried to log in to it unsuccessfully".
Probably for the average person though as you say, centralizing control is probably easiest until something like that happens to them.
Wouldn't an idea be to centralize this with your ISP? The ISP already knows who you are, seems like they would be a good authority on handling authentication to websites for you. (OK, doesn't work for when you're using some hotel wifi etc)
A few months ago, someone I know (nontechnical) lost their password on a public blog server. Unfortunately, like most people, they used the same password on their Yahoo mail account. Inside of a day, they:
* Got locked out of their Yahoo mail account for a week
* Lost their GoDaddy account, got locked out of it, and had it redirected to a gay porn site
* Lost their bank account, had thousands in fraudulent charges racked up, and got locked out of the account
* Had all their Yahoo mailing lists scrubbed, and each mailing list member (including his kids' soccer team, which he ran) spammed with gay porn stuff
* Had his tax dox and personal mail dumped in public.
It sounds like your Google experience sucked. But I can think of worse things that can happen than a bureaucratic SNAFU. Let's not just hope that people will get smart about their passwords.
No, it's not. I built this special page into the search engine because I generate random usernames and passwords for every site I use, e.g. epi0Bauqu.
I was picking up a friend (Todd V., long time lurker) for lunch, and he showed me the post since he uses the pwgen feature as well. I didn't know my password by heart, so he finally created an account and made the post.
I apologize then for the accusation, but for the sake of submitting better comments an explanation (even what you just wrote) would be much better than just submitting a link with no further rationale for submission.
That's why I use SuperGenPass: it works on every browser, it's open source (it's JavaScript), it's handy, and it even works on my phone. I've got a different password for almost every site now and I don't even have to know them.
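An added example of the idea behind per-site generated passwords (this is not SuperGenPass's own code or algorithm, and not code from this thread): one master secret, a key derivation over the normalized site domain, and a distinct password for each site, so the blog-server breach in the story above would not have opened Yahoo Mail. PBKDF2-HMAC-SHA256, the "sitepw:v1" salt prefix, the `generation` counter and the two-label domain rule are this example's own assumptions; the real tool's hashing and domain handling differ.

```python
# Added example, not SuperGenPass's own code or algorithm: derive a
# different password for each site from one master secret, so a breach
# of one site's database gives attackers nothing that works elsewhere.
# PBKDF2-HMAC-SHA256, the salt prefix, the generation counter and the
# two-label domain rule are this example's own assumptions.
import hashlib
from urllib.parse import urlsplit

# 62 characters; look-alikes (0/O, 1/l/I) removed so the result can be retyped.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%&*"


def normalize_domain(site):
    """Map a URL or host name to the domain used as salt.

    Assumption: keep the last two labels so www.twitter.com and
    twitter.com share a password.  A real tool needs a public-suffix
    list (example.co.uk would collapse to co.uk here).  Note that a
    phishing host like twitter.com.evil.example normalizes to
    evil.example and therefore gets a password that is useless on
    the real site.
    """
    host = urlsplit(site if "://" in site else "//" + site).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def derive_password(master, site, generation=0, length=16, iterations=100_000):
    """Deterministic per-site password; the client stores nothing.

    `generation` lets one site's password be rotated after a breach
    without touching the master secret.  Iterations matter: a leaked
    derived password plus the (public) domain is an offline-guessing
    target for the master secret.
    """
    salt = ("sitepw:v1:%s:%d" % (normalize_domain(site), generation)).encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)
    # Spread the 256-bit key over the alphabet by big-integer base conversion.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def demo(master="correct horse battery staple"):
    """Passwords for a few constructed sites, keyed by the input the user typed."""
    sites = ["https://www.twitter.com/login", "twitter.com", "mail.yahoo.com",
             "http://twitter.com.evil.example/login"]
    return {s: derive_password(master, s) for s in sites}


if __name__ == "__main__":
    for site, pw in demo().items():
        print("%-40s %s  (salt domain: %s)" % (site, pw, normalize_domain(site)))
```

The two properties worth checking are that the same site yields the same password however its URL is spelled, and that a different site (a look-alike phishing domain included) never yields the same one.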
This was a really, really foolish post in my opinion. You want to build your business on how users really act, not rant at them for acting differently than you expected.
Besides, it just shows how bankrupt passwords are. We use the same mechanism online to protect our bank accounts and our most meaningless babble. That's just trouble waiting to happen.
Building a business on that is like building a house on the San Andreas fault line and then filling it with priceless Ming vases. It might be fun, might look nice, but it's not exactly strategic.