While users were originally drawn to Twitter because it offered an alternative to bloated social networking sites like MySpace and Facebook, the honeymoon with straight ‘tweeting’ soon wore off, and users wanted to add a little something extra to spice up their Twitter experience.
Dozens of third-party Twitter apps were created to enhance the previously text-only Twitter experience, including user favorite apps like TwitPic, TwitterFox, and Twitterfied. But along with these added features comes an added risk for security, since those using the apps are required to give third-party sites their information. But if the newly created OAuth does what developers are promising, users might find their security concerns of using third-party Twitter apps to be a thing of the past.
According to CNET, OAuth is an open standard for online communication that will let users to store their information on only one site (in this case, Twitter), while allowing other third-party sites to access that information for authentication purposes. But OAuth is unique in that it will let users be authenticated on third-party sites without those third-party sites seeing their identity.
In many ways, it’s like going to a theme park: You show your ID at the front booth and are then given a ticket that gives you access to the rest of the park. You don’t need to worry about giving anyone else your information because you have a ticket saying that it’s okay for you to be in the park. OAuth works in much the same way; you will be able to visit third-party sites without showing your identity because you have a kind of ‘ticket’ that says you can be there, but doesn’t tell who you are.
While it might sound too good to be true, even Google has given OAuth its stamp of approval. Promising to offer OAuth support for sharing data through its Google Data interface, Google has also promised to use OAuth as the standard for widget platform Google Gadgets (CNET).
Do you think that OAuth can work the way developers are promising, or is the potential for security risks still pretty high? Feel free to add your thoughts to the Comments area below to get a discussion going with other readers. You can learn more about OAuth by reading the CNET article.
Keep the local security community going strong by becoming a subscriber of our site. You can also spread the word about NovaInfosecPortal
by passing this post along to a friend.