A word of caution: Keep your Twitter password to yourself

Posted July 23rd, 2009 10 comments

Twitter following scam

I’ve noticed something very disturbing in the Twittosphere lately. A lot of people are promoting a bunch of insanely dodgy sites that claim to get you tons of followers and let you become a Tweetelite in no friggin’ time at all.

Getting heaps and heaps of followers on Twitter seems to be something that a lot of people desire (I’m also guilty of this) and a select group of these people are so extremely interested in this that they’re willing to give their password to complete strangers in order to achieve this objective.

An infected account

Here’s the catch though: A lot of these sites (I’ve linked to a few of them above) promising you to “get a lot of followers for FREE” (or insert-random-bullshit-catch-phrase-here) are generally operated by a bunch of scammers, spammers and downright internet trolls.

What has happened is that a lot of people have signed up for these sites in the quest for hundreds and thousands of new followers. If you take a look at some of the infected accounts, you’ll clearly see that the creators behind these follow-applications have used these accounts (and loads of others) to virally spread the message of their scam application and thus infecting and (potentially) taking control of even more accounts.

Why you should never give your Twitter password to complete strangers 101

iWantFollowers.com

Just to explain something here: as soon as you enter your username and password on one of these sites the people behind them can store your credentials, do whatever they like with your account and ultimately, log in to your account and change your account password. Awesome Twitter account be gone!

And that’s not even the worst part. By logging in to your account these people can find out what your email address is, and if you’re like a lot of the people online who have the same password for all their online presences, they can hijack your email account as well.

All you wanted was to get a few more followers and now suddenly you can’t access your e-mail account where you’ve stored a lot of personal information and, if you’re unlucky, credit card information and usernames and passwords to other accounts as well. Hey, I might stretch this to the furthest, but it was actually something like this that led to the leak of 310 or so confidential documents about Twitter.

The solution: OAuth, baby!

Managing applications on Twitter

Something I think a lot of tweeps aren’t aware of is the fact that you don’t have to supply your password in order to use applications that integrate with the Twitter API.

Twitter has been supporting the authentication protocol OAuth for quite a while, and using this protocol you grant applications access to your account instead of supplying your password. There’s no exchange of passwords whatsoever.

Another awesome thing with OAuth is that you’ll be able to revoke access (and also change read and write permissions) for the applications directly from your Twitter account (Click on the ‘Connections’-tab in the settings section).

If you grow tired of an application, you can just revoke its access from there - there’s no need to log in to the third-party application and delete your account and stuff like that. Neat! Basically, the only way to do this using the password-based approach is to change your account password.
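What the paragraphs above describe, as an added sketch (not code from this post or from Twitter): assuming the OAuth 1.0 HMAC-SHA1 signature method from RFC 5849, the app sends a per-app token and a signature instead of a password, and the service can restrict or revoke that one token. The `Provider` class, `app_request`, the consumer key, nonce, timestamp and secrets are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def enc(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the signature base string, keyed with both secrets."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def app_request(method, url, extra, consumer_secret, token, token_secret):
    """What the third-party app sends: a token and a signature, no password."""
    params = {"oauth_consumer_key": "example-app", "oauth_token": token,
              "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
              "oauth_nonce": "constructed-nonce", "oauth_timestamp": "1248300000",
              **extra}
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return params

class Provider:
    """Hypothetical service side; nonce/timestamp replay checks are omitted."""
    def __init__(self, consumer_secret):
        self.consumer_secret = consumer_secret
        self.grants = {}  # token -> (token_secret, write_allowed)

    def grant(self, token, token_secret, write):
        self.grants[token] = (token_secret, write)
    def revoke(self, token):  # per-application, like the settings page
        self.grants.pop(token, None)

    def accept(self, method, url, params):
        params = dict(params)
        sent = params.pop("oauth_signature", "")
        grant = self.grants.get(params.get("oauth_token"))
        if grant is None:
            return "rejected: token unknown or revoked"
        token_secret, write = grant
        if method.upper() != "GET" and not write:
            return "rejected: read-only grant"
        expected = sign(method, url, params, self.consumer_secret, token_secret)
        if not hmac.compare_digest(sent, expected):
            return "rejected: bad signature"
        return "ok"
```

Revoking one token leaves the account password and every other application's grant untouched, which is the difference from the password-based approach.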

My policy

When dealing with third-party applications I have the following policy:

  1. Never ever (and ever, and ever…) enter my password for a web-based third-party application. If the people behind the app are legitimate and serious about their application, they’ll authenticate accounts using OAuth. Pretty much how WeFollow, Tr.im and soon-to-be Tweet-o-matic (shameless self-promotion :D) do it.
  2. Only supply my password to trusted desktop clients (I haven’t really done a lot of research about this, but the desktop clients are lagging behind in implementing OAuth based authentication).

I might be pretty darn biased, but this seems like a very healthy policy :).

Spread the word

If you’ve signed up to any of these sites, opt out if that’s possible or, as a last resort, change your password. There will be no warning from the scammers when they suddenly decide to steal your account and lock you out of it.

And please spread and RT this post on Twitter if you want to stop people from getting ripped off.

10 comments so far

Anna

July 24th, 2009 at 1:09 am

Hey, thanks for the great security info Seb, I was just discussing this the other day to a friend who lost her twitter account to something similar to this.

Howard

July 27th, 2009 at 5:25 pm

I have entered my twitter username and password in several softwares - but they have been legit

Just goes to show that there’s always somebody scheming to take people for a ride, no matter the grief they’ll cause

Rico

July 28th, 2009 at 10:54 am

Good post! Good advice!

I’ve got somehow to these pages, too, but kept my fingers off it.

Junior

August 2nd, 2009 at 5:15 am

I never did share my passwords but I’m not actually sure how safe it is. Thanks for the info.

Darren Sproat

August 3rd, 2009 at 5:44 am

Thanks so much about never sharing our passwords… we all need reminders every now and then because this is one area we can easily become complacent about. Nice read!! :-)

Life Quote

August 5th, 2009 at 12:33 am

Great advice. Never give away a password for anything. It is like giving a total stranger your address and letting them know where the spare key is hidden. No good can come of it.

Rico

June 2nd, 2010 at 12:24 pm

Has anyone heard anymore about password potential problems? I never thought about twitter/password thing until I read the post. Thanks again!

Anna

June 13th, 2010 at 5:09 pm

Wanted to drop by again and browse the latest comments. :-)

Life Quote

June 13th, 2010 at 5:11 pm

I was suitably impressed about your comments of not sharing our passwords… great stuff!!!

AmericanVietnamese

July 11th, 2010 at 2:06 am

Thanks for the info! I am definitely going to check out oauth for integration with twitter!
