A word of caution: Keep your Twitter password to yourself

Jul 23, 2009 · 14 Comments · Posted under: twitter
Twitter following scam

I’ve noticed something very disturbing in the Twittosphere lately. A lot of people are promoting a bunch of insanely dodgy sites that claim to get you tons of followers and let you become a Tweetelite in no friggin’ time at all.

Getting heaps and heaps of followers on Twitter seems to be something that a lot of people desire (I’m also guilty of this) and a select group of these people are so extremely interested in this that they’re willing to give their password to complete strangers in order to achieve this objective.

An infected account

Here’s the catch though: A lot of these sites (I’ve linked to a few of them above) promising you to “get a lot of followers for FREE” (or insert-random-bullshit-catch-phrase-here) are generally operated by a bunch of scammers, spammers and downright internet trolls.

What has happened is that a lot of people have signed up for these sites in the quest for hundreds and thousands of new followers. If you take a look at some of the infected accounts, you’ll clearly see that the creators behind these follow-applications have used these accounts (and loads of others) to virally spread the message of their scam application and thus infecting and (potentially) taking control of even more accounts.

Why you should never give your Twitter password to complete strangers 101

iWantFollowers.com

Just to explain something here: as soon as you enter your username and password on one of these sites the people behind them can store your credentials, do whatever they like with your account and ultimately, log in to your account and change your account password. Awesome Twitter account be gone!

And that’s not even the worst part. By logging in to your account these people can find out what your email address is, and if you’re like a lot of the people online who have the same password for all their online presences, they can hijack your email account as well.

All you wanted was to get a few more followers and now suddenly you can’t access your e-mail account where you’ve stored a lot of personal information and if you’re unlucky, credit card information and usernames and passwords to other accounts as well. Hey, I might stretch this to the furthest, but it was actually something like this that led to the leak of 310 or so confidential documents about Twitter.

The solution: OAuth, baby!

Managing applications on Twitter

Something I think a lot of tweeps aren’t aware of is the fact that you don’t have to supply your password in order to use applications that integrate with the Twitter API.

Twitter has been supporting the authentication protocol OAuth for quite a while, and using this protocol you grant applications access to your account instead of supplying your password. There’s no exchange of passwords whatsoever.

Another awesome thing with OAuth is that you’ll be able to revoke access (and also change read and write permissions) for the applications directly from your Twitter account (Click on the ‘Connections’-tab in the settings section).

If you grow tired of an application, you can just revoke its access from there – there’s no need to log in to the third-party application and delete your account and stuff like that. Neat! Basically, the only way to do this using the password-based approach is to change your account password.
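The grant, read/write permission and revoke behaviour described above, shown with OAuth 1.0-style HMAC-SHA1 request signing (RFC 5849). This is an added example, not code from the original post or from Twitter; the keys, token, URL and the in-memory `CONSUMERS`/`TOKENS` stores are constructed, and the URL is assumed to carry no query string.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample data (assumption): what the service stores per app and per grant.
CONSUMERS = {"app-key": "app-secret"}
TOKENS = {"tok-123": {"secret": "tok-secret", "user": "alice",
                      "write": False, "revoked": False}}

def enc(value):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay literal.
    return quote(str(value), safe="~")

def sign(method, url, params, consumer_secret, token_secret):
    # Base string = METHOD & encoded URL & encoded, sorted parameter list.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_request(method, url, extra, consumer_key, consumer_secret,
                  token, token_secret, timestamp="1248307200", nonce="n0nce-1"):
    # Third-party app side: it holds an app secret and a token secret, never the password.
    params = dict(extra, oauth_consumer_key=consumer_key, oauth_token=token,
                  oauth_signature_method="HMAC-SHA1", oauth_timestamp=timestamp,
                  oauth_nonce=nonce, oauth_version="1.0")
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return params

def verify(method, url, params):
    # Service side. A real server also rejects stale timestamps and reused nonces.
    params = dict(params)
    sent = params.pop("oauth_signature", "")
    grant = TOKENS.get(params.get("oauth_token"))
    consumer_secret = CONSUMERS.get(params.get("oauth_consumer_key"))
    if grant is None or consumer_secret is None or grant["revoked"]:
        return "401 token unknown or revoked"
    expected = sign(method, url, params, consumer_secret, grant["secret"])
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return "401 bad signature"
    if method.upper() != "GET" and not grant["write"]:
        return "403 read-only grant"
    return "200 ok as " + grant["user"]

def revoke(token):
    # Models revoking one app from the 'Connections' tab; the password is untouched.
    TOKENS[token]["revoked"] = True
```

The signed request carries only the app key, the token and a signature, so a leaked request or a rogue app never yields the account password, and `revoke` cuts off that one app alone.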

My policy

When dealing with third-party applications I have the following policy:

  1. Never ever (and ever, and ever…) enter my password for a web-based third-party application. If the people behind the app are legitimate and serious about their application, they’ll authenticate accounts using OAuth. Pretty much how WeFollow, Tr.im and soon-to-be Tweet-o-matic (shameless self-promotion :D) do it.
  2. Only supply my password to trusted desktop clients (I haven’t really done a lot of research about this, but the desktop clients are lagging behind in implementing OAuth-based authentication).

I might be pretty darn biased, but this seems like a very healthy policy :).

Spread the word

If you’ve signed up to any of these sites, opt out if that’s possible or, as an ultimate resort, change your password. There will be no warning from the scammers when they suddenly decide to steal your account and lock you out of it.

And please spread and RT this post on Twitter if you want to stop people from getting ripped off.

14 Comments

  • Hey, thanks for the great security info Seb, I was just discussing this the other day to a friend who lost her twitter account to something similar to this.

  • I have entered my twitter username and password in several softwares – but they have been legit

    Just goes to show that there’s always somebody scheming to take people for a ride, no matter the grief they’ll cause

  • Good post! Good advice!

    I’ve got somehow to these pages, too, but kept my fingers off it.

  • I never did share my passwords but I’m not actually sure how safe it is. Thanks for the info.

  • Thanks so much about never sharing our passwords… we all need reminders every now and then because this is one area we can easily become complacent about. Nice read!! :-)

  • Great advice. Never give away a password for anything. It is like giving a total stranger your address and letting them know where the spare key is hidden. No good can come of it.

  • Has anyone heard anymore about password potential problems? I never thought about twitter/password thing until I read the post. Thanks again!

  • Wanted to drop by again and browse the latest comments. :-)

  • I was suitably impressed about your comments of not sharing our passwords… great stuff!!!

  • Thanks for the info! I am definitely going to check out oauth for integration with twitter!

  • This help page provides some information and tips to help us practice safe Tweeting and keep our account secure. Here are some basics: You’re working to improve your responses to security threats, but user accounts and computers can sometimes become compromised by phishing, hacks, or viruses.

  • Twitter can be a powerful tool for connecting with current and potential clients. It is also a great way to showcase our knowledge and position ourself as an expert in our field. In this article I will find ideas to help me get the most out of our Twitter experience.

  • This is great advice. Twitter is a very powerful tool for connecting with current and potential clients.

  • Thanks for sharing this useful information with us. There are many people present there who feel happy disturbing others’ lives.
