Twitter's Security is so Poor

Thu, 29 Jan 2009 23:17:21 GMT
by pdp

...and there are a lot of privacy concerns too.

IMHO, the way the Twitter folks designed their system is totally wrong. The one and only major concern is that 3rd-party software is allowed to communicate with Twitter's API by using the user's login credentials. This is a bit insane, as you can imagine. Why would you want to share your username and password with someone you certainly don't trust? A better approach would have been to let users generate unique API keys which can be given to 3rd-party applications. That way, users are not only in full control of their accounts, but also, if the Twitter team decides to implement a more granular access control system at a later stage, the transition will be smooth and easy.

Did I mention that this way users will be in full control of their accounts?
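The per-application key design argued for above, worked out as an added example. This is illustrative code written for this page, not pdp's code and not Twitter's actual API; the scope names (`read_timeline`, `post_status`, `read_dms`) and the `UserApiKeys` class are constructed for the example. It shows the three properties the post wants: a third-party app never sees the password, each app can be cut off on its own, and a later move to granular permissions is just a matter of the scopes attached to each key.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical permission scopes, constructed for this example. They stand in for
# the "more granular access control" the post says a key-based design would allow.
SCOPES = frozenset({"read_timeline", "post_status", "read_dms"})


def _hash_secret(secret: str) -> str:
    """Store only a digest of the key secret, so a leaked key table is not a leaked credential."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


@dataclass
class ApiKeyRecord:
    key_id: str
    app_name: str
    scopes: frozenset
    secret_hash: str
    revoked: bool = False


class UserApiKeys:
    """Per-user store of application-specific API keys.

    Contrast with the credential-sharing model criticised in the post: there, a
    third-party app holds the user's password, so it has every permission the user
    has and can only be cut off by changing the password (which breaks every other
    app too). Here each app gets its own key, limited to declared scopes and
    revocable on its own.
    """

    def __init__(self) -> None:
        self._keys: dict[str, ApiKeyRecord] = {}

    def issue(self, app_name: str, scopes) -> tuple[str, str]:
        """Create a key for one application. Returns (key_id, secret); the secret is
        shown to the user exactly once and is never stored in clear."""
        requested = frozenset(scopes)
        unknown = requested - SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        key_id = secrets.token_hex(8)          # public identifier, safe to log
        secret = secrets.token_urlsafe(32)     # 256 bits of randomness
        self._keys[key_id] = ApiKeyRecord(key_id, app_name, requested, _hash_secret(secret))
        return key_id, secret

    def revoke(self, key_id: str) -> bool:
        """Cut off one application without touching the user's password or other apps."""
        record = self._keys.get(key_id)
        if record is None:
            return False
        record.revoked = True
        return True

    def authorize(self, key_id: str, secret: str, required_scope: str) -> bool:
        """Decide whether an API call presenting (key_id, secret) may perform required_scope."""
        record = self._keys.get(key_id)
        if record is None or record.revoked:
            return False
        # Constant-time comparison of the digests avoids a timing side channel.
        if not hmac.compare_digest(record.secret_hash, _hash_secret(secret)):
            return False
        return required_scope in record.scopes

    def list_apps(self) -> list[tuple[str, str, bool]]:
        """What the user would see on a 'connected applications' page: app, key id, active?"""
        return [(r.app_name, r.key_id, not r.revoked) for r in self._keys.values()]


if __name__ == "__main__":
    keys = UserApiKeys()
    kid, sec = keys.issue("desktop-client", {"read_timeline", "post_status"})
    print("read ok:", keys.authorize(kid, sec, "read_timeline"))       # True
    print("dm blocked:", keys.authorize(kid, sec, "read_dms"))          # False: scope not granted
    keys.revoke(kid)
    print("after revoke:", keys.authorize(kid, sec, "read_timeline"))  # False
```

The point of hashing the secret and comparing with `hmac.compare_digest` is that the key table itself becomes a low-value target: unlike a shared password, a leaked record cannot be replayed against the API, and a single `revoke` call closes off one misbehaving application while every other key keeps working.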

Archived Comments

Twitter will be launching a private beta of OAuth in Jan 2009.
Andrew Becherer
Someday Twitter will open the floodgates to their OAuth service. It is in private beta right now.
Only a few weeks ago, Twitter was vulnerable to a password dictionary attack, where President Obama's account & others were hacked; now, with OAuth coming out, the guys @Twitter are improving their API. Functionality & popularity first, security later is their method.
I thought about this issue before and I completely agree with you...
Tim Acheson
Now Twitter's own internal systems have been hacked, along with the accounts of Twitter users including celebrities. The initial point of entry wasn't a gap in Twitter's security. The hacker(s) gained access through a Google Apps account. The worry with a Google account is that it's web-based and therefore only as secure as the rest of the Internet. If your Google account is compromised and you use Google Docs in a serious commercial setting, your Twitter account will be the least of your worries.