Today I wanted to chat about Twitter security. With all of the great Twitter apps out there, I was curious about security relating to Twitter accounts. I notice that a lot of these apps require you to supply your Twitter username and password. Personally, I think this is a bit crazy: the thought of submitting my user credentials to a third-party app. What I’m mostly surprised by is the number of people that do this. I am blown away that Twitter hijacking isn’t widespread and out of control. Seems like a malicious person could write a simple Twitter application and start gathering credentials for spamming purposes or selling the information to others?
To me, it’s the same as supplying your mail user/pass to access this site. I don’t think many would. With that said, I do use Twitter apps that require me to log in via Twitter’s authentication interface and get redirected back to an application. To me there is a level of security there, since the authentication piece happens at Twitter.
I’m curious, do others have similar feelings in regards to security?
On this topic, I re-tweeted a nice little article titled “Twitter Security Do’s and Don’ts” that discusses some great practices to improve security.
Here is a quick breakdown:
- Never use your password on suspicious third party sites (this is what I’m talking about)
- Don’t be too specific
- Don’t spit excessive personal information
- Call the police, don’t tweet about it
- Don’t tweet about moving servers, etc
- Try to use OAuth whenever possible (this is something I recommend highly)
- Choose a strong password (I also recommend changing it on occasion)
- Do use direct messages when appropriate
- Have a private, separate account for work
Also, I came across another article titled “11 Useful Twitter Tools That Don’t Require Your Password”, which has some good tools listed there.
It seems like it’s a matter of time before Twitter hijacking or malicious abuse will run rampant. I’m hoping for the best, but trying to prepare for the worst.