Comments on: Twitter and the Password Anti-Pattern

By: almost effortless » Weekly Digest, 1-11-09

almost effortless » Weekly Digest, 1-11-09 — Tue, 30 Mar 2010 15:55:09 +0000

[...] Twitter and the Password Anti-Pattern The more frequently we do this, the more routine it becomes, the more we become desensitized to the inherent risks in this behavior. And so we take it for granted that we must cough up a username and password in order to try out that new shiny service, given the countless times previously where nothing bad happened. [...]

By: Identity, relationships and why OAuth and OpenID matter « Derivadow.com

Identity, relationships and why OAuth and OpenID matter « Derivadow.com — Thu, 08 Jan 2009 15:17:06 +0000

[...] aren’t trying to do anything malicious – far from it — as Chris Messina explains: The difference between run-of-the-mill phishing and password anti-pattern cases is intent. Most [...]

By: Twitter Security Fiesta Post-Mortem | Startup Security

Twitter Security Fiesta Post-Mortem | Startup Security — Tue, 06 Jan 2009 19:20:52 +0000

[...] can wade through the various misconceptions. Chris Messina actually has a fantastic blog post on password usage and Twitter. Unfortunately, there is still the misconception that OAuth would have fixed this and prevented the [...]

By: OAuth for Twitter now!

OAuth for Twitter now! — Tue, 06 Jan 2009 15:16:50 +0000

[...] application need a reliable and useful authentication-mechanism as well. As Chris Messina puts it: Everyone’s got their priorities and Twitter has come a long way in the past several months in [...]

By: Let's kill the password anti-pattern before the next web cycle » By Elias Bizannes » article » Liako.Biz

Tue, 06 Jan 2009 00:40:51 +0000

[...] by Chris Messina, I would like to see us all agree on making 2009 the year we kill the password anti-pattern. [...]

By: buildblog | Berühmte Twitter Accounts gehackt

buildblog | Berühmte Twitter Accounts gehackt — Mon, 05 Jan 2009 20:30:28 +0000

[...] sie auch nicht gehackt, sondern jemand ganz anderes. Immerhin verwendet Twitter seit Ewigkeiten das Anti-Pattern der Authentifzierung schlechthin… Tags: Password. hacking, Twitter, [...]

By: Network Security Blog » Four information points on Twitter phishing

Network Security Blog » Four information points on Twitter phishing — Mon, 05 Jan 2009 16:22:18 +0000

[...] Twitter and the Password anti-pattern – I’ve only gotten about half way through this paper, but I like the ideas I’m reading. This is basically an argument for taking Twitter beyond username/password and adding in functionality that would allow you to share some of your capabilities as a user with a third party. [...]

By: Perception and reality in the land of OpenID | FactoryCity

Perception and reality in the land of OpenID | FactoryCity — Sun, 04 Jan 2009 23:11:43 +0000

[...] FactoryCity This can all be made better. Ready? Begin. Skip to content AboutArchivesTagsProjectsLinksScreenshotsContact « Twitter and the Password Anti-Pattern [...]

By: Twitter and Facebook hit by phishing attacks | Technology | guardian.co.uk

Sun, 04 Jan 2009 20:43:03 +0000

[...] Chris Messina and others have pointed out, Twitter ought to support a mechanism such as OAuth for “delegated authentication”, and [...]

By: Chris Messina

Chris Messina — Sun, 04 Jan 2009 03:33:21 +0000

The irony, Tom, is that Twitter titled their post “Don’t Share Your Secret Info!” and yet that’s the only way that you can use third-party apps, which Twitter clearly promotes. If Twitter says “don’t share your secret info” but don’t provide a way to still make use of third party apps, it’s ironic because we’ve been saying that all along.

I think it’s time for your mom to send you to your room. You need to study more.