A word of caution: Keep your Twitter password to yourself
I’ve noticed something very disturbing in the Twittosphere lately. A lot of people are promoting a bunch of insanely dodgy sites that claim to get you tons of followers and let you become a Tweetelite in no friggin’ time at all.
Getting heaps and heaps of followers on Twitter seems to be something that a lot of people desire (I’m also guilty of this) and a select group of these people are so extremely interested in this that that they’re willing to give their password to complete strangers in order to achieve this objective.
Here’s the catch though: A lot of these sites (I’ve linked to a few of them above) promising you to “get a lot of followers for FREE” (or insert- random-bullshit-catch-phrase-here) are generally operated by a bunch of scammers, spammers and down right internet trolls.
What has happened is that a lot of people have signed up for these sites in the quest for hundreds and thousands of new followers. If you take a look at some of the infected accounts, you’ll clearly see that the creators behind these follow-applications have used these accounts (and loads of others) to virally spread the message of their scam application and thus infecting and (potentially) taking control of even more accounts.
Why you should never give your Twitter password to complete strangers 101
Just to explain something here: as soon as you enter your username and password on one of these sites the people behind them can store your credentials, do whatever they like with your account and ultimately, log in to your account and change your account password. Awesome Twitter account be gone!
And that’s not even the worst part. By logging in to your account these people can find out what your email address is, and if you’re like a lot of the people online who have the same password for all their online presences, they can hijack your email account as well.
All you wanted was to get a few more followers and now suddenly you can’t access your e-mail account where you’ve stored a lot of personal information and if you’re unlucky, credit card information and usernames and passwords to other accounts as well. Hey, I might stretch this to the furthest, but it was actually something like this that lead to the leak of 310 or so confidential documents about Twitter.
The solution: Oauth, baby!
Something I think a lot of tweeps aren’t aware of is the fact that you don’t have to supply your password in order to use applications that integrates with the Twitter API.
Twitter has been supporting the authentication protocol Oauth for quite a while, and using this protocol you grant applications access to your account instead of supplying your password. There’s no exchange of passwords whatsoever.
Another awesome thing with Ouath is that you’ll be able to revoke access (and also change read and write permissions) for the applications directly from your Twitter account (Click on the ‘Connections’-tab in the settings section).
If you grow tired of an application, you can just revoke it’s access from there – there’s no need to log in to the third-party application and delete your account and stuff like that. Neat! Basically, the only way to do this using the password-based approach is to change your account password.
When dealing with third-party applications I have the following policy:
- Never ever (and ever, and ever…) enter my password for a web-based third-party application. If the people behind the app is legitimate and serious about their application, they’ll authenticate accounts using OAuth. Pretty much how WeFollow, Tr.im and soon-to-be Tweet-o-matic (shameless self-promotion :D) does it.
- Only supply my password to trusted desktop clients (I haven’t really done a lot of research about this, but the desktop clients are lagging behind in implementing OAuth based authentication).
I might be pretty darn biased, but this seems like a very healthy policy :).
Spread the word
If you’ve signed up to any of these sites, opt-out if that’s possibly or as an ultimate resort – change your password. There will be no warning from the scammers when they’ll suddenly decide to steal and lock you out from your account.
And please spread and RT this post on Twitter if you want to stop people from getting ripped off.
14 Comments + Add Comment
Got anything to say? Go ahead and leave a comment!
- Issue using Chosen with Jammit for Ruby on Rails
- 150 Google+ invites to give away
- I don’t give a chainsaw about anythin’
- New Design + Update
- Thailand and Paradise Business Camp
- RoboBlogger is looking for additional beta testers
- What I’ve been up to the past year
- Things to come
- A Brief Guide to World Domination
- Matt is awesome