Articles

OAuth and OpenID everywhere

In Uncategorized on 2010-02-08 by Kyle Maxwell Tagged: , , , , , ,

One of the reasons I have two sites here on Posterous and only one on Tumblr stems from my opposition to giving out my Twitter password to everybody that asks for it. We have OAuth now so that I can authorize your app to talk to Twitter for me without you actually needing my credentials directly. While my thoughts on passwords as a broken mechanism don’t really belong on this particular blog, I do want OAuth and OpenID (or something like them) everywhere. Not only do I not want to share my Twitter (and Gmail and whatever else) password with you, I’d really rather not have to create a whole new account for your site, complete with yet another password and profile setup and whatever.

It might take some extra effort, but I don’t know that that effort necessarily comes out to less than the effort required to create a secure authentication and authorization setup for your site. (Not to mention that many sites fail at the “secure” bit of that.) And it rapidly becomes a differentiator: I can use your site without having to jump through a gazillion hoops that benefit you the developer instead of me the user? Oh, and maybe that means you can easily connect me to my existing friends on your site? That drives more traffic and usage for you and keeps me interested because of the community, by the way, so everybody winds.

Please, won’t somebody think of the users?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: