AfterDawn: Tech news

Twitter increases security requirements for third party access

Written by Rich Fiscus @ 02 Sep 2010 12:53

Two days ago Twitter began requiring third-party applications to use a secure method for accessing your account.
Using this login method, called OAuth, a program requests access to your Twitter account without first getting your login information. Twitter then forwards that request to you through its own web interface, allowing you to confirm or deny access.

For example, when you use the 'retweet' link on an AfterDawn news article for the first time, you're prompted to connect the TweetMeme service to your Twitter account.

Clicking the 'Yes' button sends the request to Twitter. Twitter then checks to see if you are logged in. If you're not logged in, Twitter sends you a login window.

Once you're logged in, you will be prompted with the OAuth connection request. If you were already logged in but wish to connect with a different Twitter account, you can do that from this window as well.

Once authorized, the service will appear in your Twitter Settings under Connections. You can deauthorize the connection directly from this screen on the Twitter website at any time.

The now-unsupported alternative to OAuth was called Basic Authentication. It required a program to collect your username and password and then pass them on to Twitter every time a connection was made. Besides the obvious security hole created by having third parties collect and save private information, there was also a functional problem with this approach.

If you changed your Twitter password you would also have to update that information for every program or service you gave access to.
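The difference between the two login methods, as an added example that is not from the original article. It assumes the OAuth 1.0 HMAC-SHA1 signing scheme (RFC 5849); the function names, credentials and URL are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def basic_auth_header(username, password):
    # Basic Authentication: the password rides along in every request,
    # merely base64-encoded, so the third party has to store it.
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def password_from_basic(header):
    # Whoever sees or stores the header can reverse it.
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    return decoded.split(":", 1)[1]

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # Base string: METHOD & encoded URL & encoded, sorted parameter list.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The key is built from two secrets issued for the app and for this
    # connection; the account password is never part of it.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth1_header(method, url, body, creds, nonce, timestamp):
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_token": creds["token"],
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = oauth1_signature(
        method, url, {**body, **oauth},
        creds["consumer_secret"], creds["token_secret"])
    fields = ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields

# Constructed sample values, not real credentials or endpoints.
CREDS = {"consumer_key": "app-key", "consumer_secret": "app-secret",
         "token": "user-token", "token_secret": "user-token-secret"}
URL = "https://api.example.test/statuses/update"
```

Because the password is not an input to `oauth1_signature`, a password change does not affect it; a different `token_secret` produces a different signature.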

Most people probably won't notice this change since developers were informed of the change last year. Most applications were using OAuth long before the deadline.
