, ,

Don’t let your account tweet without you!

There are so many nifty Twitter tools out there, but my enthusiasm was always dampened for the ones that asked for my Twitter username and password. Why on Earth would I trust them? If they were really that good, I would use them and then immediately change my password.

Then Twitter introduced OAuth, named for a shortening of “open authentication”. Instead of giving them my credentials, I told Twitter that it was okay to access my account. Very clever, and so much less risk.

Or so I thought. When you grant access to your account, you are not granting it for just that one time. Your permission continues, even if you change your password. Some of the recent “DM” account hacks have been attributed to a service taking advantage of permission granted via OAuth, so we are back where we started: we have to trust a service before we can find out if it is worthwhile.

Fortunately, there is a fix.

Log in to your Twitter account on the web and select the “Settings” link. See the tab on the right for “Connections”? That lists all of the third parties to whom you have given access with OAuth. Now go through the list and click on the “Revoke Access” link under the description for each service. This isn’t blocking: you can give permission again if and when you visit that service the next time.

The integrity of your Twitter stream is entirely up to you, so remember to:
• Use strong passwords.
• Change your password periodically.
• Revoke access to third party services immediately after using them.

(Cross-posted from Don’t let your account tweet without you

Leave a Comment


Leave a Reply