Twitter Security – OAUTH

[Picture: OAUTH in Action]

There are plenty of sites that extend the functionality of Twitter.

TwitBlock and TwitterCounter are just two.

These sites require you to log in to Twitter to use ‘em. But instead of asking for your username and password, they use something called OAUTH.

Think of OAUTH as the valet key to your car. It can start the car, sure, but you can’t get into the glove box or trunk without the real key.

Sites that use OAUTH have no ability to change your username, your password, or your e-mail address… things that hackers would love to do (so they could pose as you, for example). An OAUTH permission also can’t be duplicated: the permission you give is unique to that individual site, so it is useless to anyone else who gets hold of it.

Most sites say “Authenticate (or Log-In) with OAUTH” and a window will pop up that looks something like the picture above.

Giving out your username and password potentially gives unscrupulous people access to change any of those details. Whenever you give out your username and password, you hand random strangers the real key to your car. A bad site could sell your username and password or pass it off to someone who wanted to do bad things.

OAUTH permission can be revoked at any time (and you can check which sites you’ve given access to) by logging in to Twitter and going to: http://twitter.com/account/connections

You can’t get back your username and password once you’ve given it out. Your only recourse would be to change your password, and by the time you realize something’s wrong, the damage is likely already done.
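To make the valet-key picture concrete, here is a small Python model of the three properties the post describes: a delegated token is limited in what it can do, it is tied to the one site it was issued to, and it can be revoked without touching the password. This is an added illustration, not Twitter’s code and not the real OAUTH protocol (real OAUTH binds tokens to a registered application and signs each request; the scope names, the `Account` class and the site names used here are made up for the example).

```python
"""Toy model of why an OAUTH-style valet key beats handing out your password.

Added illustration: not Twitter's code and not the real OAUTH protocol.
It only models the properties the post describes (limited scope, per-site
tokens, revocation). Scope names, class names and site names are invented.
"""
import secrets
from dataclasses import dataclass, field

# Everything an account can do. "account:admin" (change password, e-mail,
# username) is the glove box: it is never handed to a third-party site.
ALL_SCOPES = frozenset({"tweet:read", "tweet:write", "account:admin"})
DELEGATABLE = frozenset({"tweet:read", "tweet:write"})


@dataclass
class Grant:
    """One consent the user gave to one site."""
    site: str
    scopes: frozenset
    revoked: bool = False


@dataclass
class Account:
    username: str
    password: str                                  # the "real key"
    grants: dict = field(default_factory=dict)     # token -> Grant

    # --- the real key: whoever holds the password gets full authority ---
    def login(self, username, password):
        """Returns every scope on a correct password, None otherwise."""
        if username == self.username and secrets.compare_digest(password, self.password):
            return ALL_SCOPES
        return None

    # --- the valet key: delegated, limited, per-site, revocable ---
    def authorize(self, site, requested):
        """The consent screen: only delegatable scopes are ever granted,
        no matter what the site asks for."""
        granted = frozenset(requested) & DELEGATABLE
        token = secrets.token_urlsafe(16)          # random, unguessable handle
        self.grants[token] = Grant(site, granted)
        return token

    def authority(self, token, site):
        """Scopes a token confers for the site presenting it.
        Empty if the token is unknown, revoked, or presented by a different site."""
        g = self.grants.get(token)
        if g is None or g.revoked or g.site != site:
            return frozenset()
        return g.scopes

    def revoke(self, site):
        """The 'connections' page: cut off one site without changing the password."""
        for g in self.grants.values():
            if g.site == site:
                g.revoked = True

    def connections(self):
        """Sites that currently hold a live grant."""
        return sorted({g.site for g in self.grants.values() if not g.revoked})

    def change_password(self, scopes, new_password):
        """Only the real key (account:admin) can change account details."""
        if "account:admin" not in scopes:
            raise PermissionError("a valet key cannot open the glove box")
        self.password = new_password


def demo():
    """Walk through the post's scenario with a constructed account and site."""
    acct = Account("alice", "correct-horse-battery-staple!1")   # constructed sample

    # The site asks for everything; the consent screen trims it to the valet key.
    token = acct.authorize("TwitBlock", {"tweet:read", "tweet:write", "account:admin"})
    site_scopes = acct.authority(token, "TwitBlock")

    # The same token presented by another site is worthless.
    leaked = acct.authority(token, "SomeOtherSite")

    # The site cannot change the password with what it was given.
    try:
        acct.change_password(site_scopes, "pwned")
        could_change = True
    except PermissionError:
        could_change = False

    # Revoking from the connections page kills the token; the password is unchanged.
    acct.revoke("TwitBlock")
    after_revoke = acct.authority(token, "TwitBlock")
    return site_scopes, leaked, could_change, after_revoke, acct.connections()


if __name__ == "__main__":
    print(demo())
```

Contrast `login`, which returns `ALL_SCOPES` to anyone who knows the password, with `authorize`, which never hands out `account:admin` and whose tokens die the moment you revoke the site.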

The best way to keep your Twitter account safe is to:

  1. Choose a strong password – with at least one uppercase letter, one lowercase letter, one number, and one symbol. Avoid whole words, the names of your pets, or anything someone who reads your Tweets could easily guess.
  2. Use OAUTH instead of giving out your username and password. If a site doesn’t use OAUTH, you shouldn’t be giving ‘em your info – trust me, I make websites… it’s not hard to build OAUTH into a site.
This entry was posted in Tools, Twitter, WTF Social Media.