On Tuesday, an independent hacker and security researcher who goes by the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper Systems launched free public betas for two new privacy-focused programs on Googles Android mobile platform: RedPhone, a voice over Internet protocol VoIP program that encrypts phone calls, and TextSecure, an app for sending and receiving encrypted text messages and scrambling the messages stored in their inbox.
Posts Tagged ‘security’
One of the reasons I have two sites here on Posterous and only one on Tumblr stems from my opposition to giving out my Twitter password to everybody that asks for it. We have OAuth now so that I can authorize your app to talk to Twitter for me without you actually needing my credentials directly. While my thoughts on passwords as a broken mechanism don’t really belong on this particular blog, I do want OAuth and OpenID (or something like them) everywhere. Not only do I not want to share my Twitter (and Gmail and whatever else) password with you, I’d really rather not have to create a whole new account for your site, complete with yet another password and profile setup and whatever.
It might take some extra effort, but I don’t know that that effort necessarily comes out to less than the effort required to create a secure authentication and authorization setup for your site. (Not to mention that many sites fail at the “secure” bit of that.) And it rapidly becomes a differentiator: I can use your site without having to jump through a gazillion hoops that benefit you the developer instead of me the user? Oh, and maybe that means you can easily connect me to my existing friends on your site? That drives more traffic and usage for you and keeps me interested because of the community, by the way, so everybody winds.
Please, won’t somebody think of the users?