
Twitter goes OAuth-only (Yay for security!)

Stefan Tanase
Kaspersky Lab Expert
Posted August 31, 16:42  GMT
Tags: Social Networks, Passwords

In a long overdue move, Twitter turned off basic authentication for third-party applications, while enforcing OAuth for all apps. This is a move that should be applauded by anyone concerned about the security of their Twitter account.

This latest move closes a potential vulnerability in the process of giving read/write access to third-party applications, which could lead to a Twitter account being compromised. Well, not anymore. You no longer need to give your username and password to third-party developers if you want to use their application on your Twitter account.
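To make that difference concrete, here is an added example (not code from the original post or from Twitter) contrasting what an application sends under HTTP Basic with a signed OAuth request. It assumes OAuth 1.0a with HMAC-SHA1 as specified in RFC 5849; the endpoint URL and every key, token and credential are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# All values below are constructed for illustration; none are real credentials.
URL = "https://api.example.test/1/statuses/update.json"  # hypothetical endpoint
CONSUMER_SECRET, TOKEN_SECRET = "constructed-consumer-secret", "constructed-token-secret"
OAUTH_PARAMS = {"oauth_consumer_key": "constructed-consumer-key",
                "oauth_token": "constructed-access-token",
                "oauth_nonce": "constructed-nonce-0001",
                "oauth_timestamp": "1283272920"}

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters are left unencoded
    return quote(str(s), safe="-._~")

def basic_auth_header(username, password):
    # HTTP Basic: the app must hold the real password and send it on every request
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def recover_basic_credentials(header):
    # Base64 is an encoding, not encryption: whoever holds the header holds the password
    user, _, pw = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, pw

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # RFC 5849 section 3.4: HMAC-SHA1 over method, URL and the sorted, encoded parameters
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()

def oauth1_header(method, url, body_params, oauth_params, consumer_secret, token_secret):
    # The header carries identifiers and a signature; the two secrets only key the HMAC
    signed = dict(oauth_params, oauth_signature_method="HMAC-SHA1", oauth_version="1.0")
    signed["oauth_signature"] = oauth1_signature(
        method, url, {**body_params, **signed}, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

if __name__ == "__main__":
    basic = basic_auth_header("alice", "constructed-password")
    print(basic, "->", recover_basic_credentials(basic))
    print(oauth1_header("POST", URL, {"status": "hello world"}, OAUTH_PARAMS,
                        CONSUMER_SECRET, TOKEN_SECRET))
```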

Being always concerned about security, I salute Twitter's move to enforce OAuth. This lets me use an application without having to share my Twitter username and password with an unknown entity. Also, hats off to all the developers who updated their applications in time and made this change as seamless as possible for the majority of users.

However, keep in mind that OAuth doesn't protect against local attacks, such as passwords being stolen straight from users' machines. Make sure you use a clean computer when you log in to Twitter. Also, for more tips on staying safe, I invite you to read my quick "How to Avoid Getting Your Twitter Account Hacked" guide on Threatpost.


2 comments

Eugene Aseev

2010 Sep 03, 21:36

Not so secure

http://arstechnica.com/security/guides/2010/09/twitter-a-case-study-on-how-to-do-oauth-wrong


Mihai Barbulescu

2010 Sep 01, 15:26

Thumbs up

This is a very good move done by Twitter
