August 20, 2010

Review and clean up your Twitter connections

I like trying out new tools and apps.  One thing I like about Twitter is that there are plenty of Twitter clients out there.  We have a lot of choice in choosing a client that suits our needs and preferences. I keep trying various Twitter clients every now and then.

Now, a small detour about how you'd authorize a Twitter client to access your account.  There are two ways a third-party Twitter client can ask for access to your account: 1. by asking you to provide your user name and password to the client, and 2. by using OAuth.  Option 2 is a lot more secure than option 1 because when you give away your password to a person or a program, that person or program has unlimited access to your account.  By "unlimited" I mean they can do anything whatsoever, including changing your password and even deleting your account permanently!  But if you authorize a client via OAuth, it has only limited access to your account, so it cannot do much harm.  (But sadly, many Twitter clients don't support OAuth yet!)

The best part about OAuth is that when you stop using an app, you can revoke the permissions you gave to that app.  (You can do that from the Twitter Connections settings.)  If you have shared your password with an evil person or app, your only choice is to change the password.
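The difference between the two authorization options, and what per-app revocation buys you, modelled in a short Python sketch. This is an added example, not code from the original post or from Twitter; the `Account` class, the scope names and the rule that privileged actions are never delegated are assumptions made for illustration.

```python
import secrets
# Constructed model for illustration; not Twitter's API or data model.
PRIVILEGED = {"change_password", "delete_account"}  # assumed never delegable

class Account:
    def __init__(self, password):
        self.password = password
        self.grants = {}  # token -> (app name, frozenset of scopes)

    def authorize_app(self, app, scopes):
        """OAuth-style grant: the app receives its own token, not the password."""
        if set(scopes) & PRIVILEGED:
            raise ValueError("privileged actions cannot be delegated")
        token = secrets.token_urlsafe(16)
        self.grants[token] = (app, frozenset(scopes))
        return token

    def revoke_app(self, app):
        """Remove every token issued to one app; other apps keep working."""
        self.grants = {t: g for t, g in self.grants.items() if g[0] != app}

    def connections(self):
        return sorted({app for app, _ in self.grants.values()})

    def token_allows(self, token, action):
        grant = self.grants.get(token)
        return grant is not None and action in grant[1]

    def password_allows(self, password, action):
        # A password holder is indistinguishable from the owner: any action passes.
        return secrets.compare_digest(password, self.password)

    def change_password(self, old, new):
        if not self.password_allows(old, "change_password"):
            return False
        self.password = new  # the only remedy; cuts off every password-based client
        return True

def demo():
    acct = Account("constructed-password")
    stale = acct.authorize_app("stale-client", {"read", "tweet"})
    current = acct.authorize_app("current-client", {"read", "tweet"})
    before = (acct.token_allows(stale, "tweet"), acct.token_allows(stale, "delete_account"),
              acct.password_allows("constructed-password", "delete_account"))
    acct.revoke_app("stale-client")
    after = (acct.token_allows(stale, "tweet"), acct.token_allows(current, "tweet"))
    acct.change_password("constructed-password", "new-constructed-password")
    locked_out = not acct.password_allows("constructed-password", "tweet")
    return before, after, acct.connections(), locked_out
```

Revoking the stale client leaves the current one untouched, whereas the password change invalidates the credential for every client that was given it.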

Today I was casually going through my Twitter settings and found that I had authorized many third-party clients to tweet on my behalf.  I had stopped using most of those clients, but I didn't know that these permissions are persistent (i.e. authorizations persist even after we uninstall the clients).



Leaving only the clients that I use currently, I revoked access to all other clients.  You should also go to Twitter Connections and remove unwanted apps from there.

PS: The Facebook scene is probably worse, since you would have unknowingly authorized many Facebook apps.  See my previous post to learn more.

2 comments:

  1. Many of the clients don't support OAuth because it's kind of difficult to implement, and with the number of OAuth libraries growing in JavaScript, Java, Ruby, I think now it should be easy to use OAuth. We have enabled OAuth @ http://app.apigee.com/console/twitter

  2. @Mehar: I am seeing this app only now. The console looks neat. Will be very useful when developing something using an API.
