Why the Recent Twitter Phishing Will Hurt Developers

And what Twitter needs to do

Twitter is built off the back of a huge community of developers who have created Twitter apps for pretty much every platform. And don't forget all the spin-off apps such as Twit-Pic, Tweetburner, etc., which add great features to the popular micro-blogging platform.

But as a developer of a Twitter app myself, I know the recent Twitter phishing attacks will hurt my app. See, in order to access most of the functionality of the Twitter API, a user needs to be authenticated, and so they need to give their login details to the third party.

This can be risky! And the issue has been thrown into the spotlight with the recent attacks. Unfortunately, Twitter doesn't offer an alternative to this flawed system, and confidence in Twitter apps is dropping.

With third-party applications playing such a vital part in the Twitter ecosystem, it's time for Twitter to step up to the plate and rethink how the API authenticates users. They could use a system similar to Facebook or Google Connect.

Currently, as a developer, all I can do is keep having users pass over their login details which, with our setup, can't be accessed by anyone - they are encrypted and not stored. But all it takes is one dodgy developer to build an app and grab access to thousands of accounts.

So Twitter, the ball is in your court.

