Am I to trust my user/password to some applications that assert to be incorporated with Twitter?

I have actually seen a number of webapps that claim something along the lines:

" Use your twitter account - > User _ __ password _ _"

And after that they take you to a few other web page.

Nevertheless this phishing cautions and also all, why should I count on among those applications?

2019-05-09 11:29:41
Source Share
Answers: 4

You should not.

A website that intends to allow you utilize your individual qualifications need to have an OpenID assimilation like (or the various other member of the family).

Asking you to enter your qualifications, also if without bad intent, is welcoming problem.

2019-05-12 07:41:37

What websites need to do is make use of twitters oAuth to check in, it will certainly reroute you to twitter where you will certainly be asked if intend to share information (never ever your password). Exterior websites will certainly quickly no more have the ability to authorize customers right into twitter making use of a username and also password so practices similar to this will certainly quickly be going the means of the dodo.

To see it at work, I have actually constructed a website for the pile applications api that makes use of twitter oAuth called stack of twits.

2019-05-12 07:40:14

Since twitter has a method of permitting websites to utilize your twitter account with various other websites (without handing out your password), websites that do request for your login information are most likely fraudulence.

2019-05-12 07:38:43

Always favor OAuth logins - these straight you to Twitter to login and also authorize the website (just like Facebook connect). Yet it can occasionally be hard to be definitely certain that it is Twitter you're sending out the password to - specifically if the website opens up the OAuth web page in an iFrame or comparable.

Additionally - also if the website is making use of OAuth it can still depend on no excellent.

So you'll need to make a reasoning get in touch with whether you rely on the website.

Update : An instance of OAuth websites that can be approximately no excellent : Twibbon does some bad stuff (that they place in their smallprint).

2019-05-12 07:17:53