On Jan 2, 11:31 pm, "Jesse Stay" <jesses...@gmail.com> wrote:
> Well put Chris - I had forgotten about that. I just want something - I
> don't care what, but I need it soon, as it's starting to make it really
> difficult to market my App and keep users feeling secure. I *hate* knowing
> my users' Twitter passwords (I have over 5,000 of them - it's really scary
> that I do). I sincerely hope this is top priority for Twitter right now -
> it should have been implemented last year so long as they have an API in
> place. On my App, it took about 2 hours max to write, test, and implement a
> very simple API key system like this for the API I'm providing. I don't get
> why it's taking Twitter so long.

John Adams from Twitter's operations team replied to my post on this subject:

"The plan is to support Basic Auth and OAuth concurrently, for at least 6 months, if not more.

"We can’t completely turn off the Basic Auth API without having a large impact to many APIs and clients."

http://factoryjoe.com/blog/2009/01/02/twitter-and-the-password-anti-pattern/comment-page-1/#comment-103431

So, you will be given an option (no telling when) to use OAuth instead of the plaintext username/password combo.

Of course it means many folks will still use the lowest common denominator (and the most insecure method available) for some time, but at least there will be a good transitional time period where developers who want to use OAuth can do so, paving a path for those who will need to migrate later.

Heck if Flickr could get its user base to move over to Yahoo accounts, I imagine Twitter will be able to get app developers and users to move over to OAuth in six months.

Chris