I’ve had this serious gripe with Twitter for a long time… well, not with Twitter per se, but with the way that 3rd party applications interact with Twitter.
Don’t get me wrong, I use Twitter…. a lot.
Mashable seems to be the first to have reported on the Twitter compromise, where they claim up to thousands of Twitter accounts have been hijacked.
If in doubt, login to your Twitter account and change your password right now!
But here’s my real gripe about Twitter’s 3rd party applications that get compromised…
Any time a 3rd party Twitter application (and there are hundreds of them) asks you for your Twitter username and password, you are asking for trouble, and you increase the likelihood that your account will be hacked and used against you.
Why do I say that it doesn’t have to happen? Because Twitter updated their API long ago so that applications don’t need to ask for the username and password. I don’t know the details of what it does need, but Twitter was smart enough to realize that this was a security hole, and fixed it.
Twitter itself, being a high profile target, is always on guard, and on the lookout for hack attempts and break ins. Their system is designed to be more secure than the average bear (not unbreakable, but much better than average), and I would actually trust my password to be stored on their servers (in encrypted form of course).
But how do I feel about some 3rd party app that I haven’t built a relationship with? My instant feeling is a resounding “HELL NO!”. I never give my user name and password out to 3rd party apps.
I used to be a software developer (before I realized my good looks could be used in internet marketing), and I know that there are complexities beyond complexities for making sure that an application is secure.
So not only do I need to trust the programmers, and the talent that they have for creating and testing a secure environment, but I also need to trust the service as well.
What is the intention of the owners of the application? What if they are just grabbing usernames and passwords? That would be bad… but a quick way to gain a large number of compromised accounts in a short period of time…
So here’s my quick advice to you. Be wary of where you use your Twitter account information. Encourage 3rd party Twitter apps to use the API in manners that don’t require username and password inputs.
There may be only certain instances in which the API works without a password. I’m not sure of the internals, but I know for sure that I don’t give up my password under any circumstances… which is really a shame, because there are some awesome applications that I’d like to use, but I’m holding off until they don’t want to hold my password.
Go ahead and follow @Kettlewell or @JenKettlewell right now… but do it after you’ve read this article, to make sure that your account doesn’t get compromised and used to send me a flood of SPAM tweets from a hijacked account.
Matt Kettlewell is an Internet marketer, Wordpress guru, blogging advocate, computer programmer, speaker, consultant, and a really fun guy! Visit his main blog at Kettlewell.net, his Wordpress expressions are at Blogging Emergency and his joint success pages with The Moxie Maven can be found at Mox & Dom.
While you're at it, follow Kettlewell on Twitter!
[...] I wrote up an article a few months back about twitter security, and it was a huge warning to folks on what would happen if they didn’t mind their P’s & Q’s. Apparently my message didn’t reach out far enough (Note the share buttons above and below this post) [...]