oAuth enables the third party app to pull/push the user's Twitter info without requiring them to sign in everytime.
This generally requires users to authorise the third party app.
However, if the users account is compromised, someone can automate the authorization process.
The following link explains how this happens in real life.
http://www.net-security.org/secworld.php?id=8823
To prevent your twitter account from being hacked is pretty easy. Following are some tips:
1. Never use the same password for all your websites.
2. Use a strong password which is atleast 12 character long containing a random number of alphanumeric and numeric characters.
3. Think twice before authorizing an app to use your Twitter credentials.
This is easier said done...most people cannot remember complicated passwords and tend to use the same password or simple passwords that is easy to guess or hack.
The other option is to use a password generator that generates a unique password for each of your website account. And there are many such password generators including the one we have developed which is available for free at 0pass.com and mycloudkey.com
The best way however would be if twitter offered a automatic password generator themselves so people do not have to define complicated passwords. The password generated would unique to the user's profile or device.
Such a solution would be more trusted and credible instead of a third party solution.
No comments:
Post a Comment