Ben Ward

Pownce 3589001

.

In response to Jeremy Keith on Pownce:

Here’s a textbook example of why the password anti-pattern is so dodgy. Because we’ve all been taught that it’s okay to hand over passwords for third-party sites, a service called MyNameIsE feels that is perfectly acceptable to use that sensitive information to post a Twitter message from your account!

If you’re one of the people who signed up to this service, I’d love to hear how you felt when you saw this message (ostensibly from you) show up on Twitter.

I know I was ragging on Pownce for still using the password anti- pattern in parts of the “find friends” feature but man, they would never do anything like this!

You’re mostly correct, although I think you put the emphasis of this argument in the wrong place.

Even if Twitter used OAuth, a service you link would still be able to nefariously post spam to your account. The vital difference, and the part that should be emphasised, is not that they’re prevented from doing it, it’s that you’re able to revoke their ability to do it, without changing your password, and without having to update your other third party applications.

You can file issues or provide corrections: View Source on Github. Contributor credits.