Today I wanted to chat about Twitter security. With all of the great Twitter apps out there, I was curious about security relating to Twitter account. I notice that alot of these apps require you to supply your Twitter username and password. Personally, I think this is a bit crazy. The thought of submitting my user credentials to a third party app. What I’m mostly surprised is the amount of people that do this. I am blown away that Twitter hijacking isn’t widespread and out of control. Seems like a malicious person could write a simple twitter application and start gathering credentials for spamming purposes or selling the information to others?

To me, it’s the same as supplying your mail user/pass to access this site. I don’t think many would. With that said, I do use twitter apps that require me to login via Twitter’s authentication interface and get redirected back to a application. To me there is a level of security there, since the authentication piece happens at Twitter.

I’m curious, do other have similar feelings in regards to security?

On this topic, I re-tweeted a nice little article titled “Twitter Security Do’s and Don’ts” that discusses some great practices to improve security.

Here is a quick breakdown:

1. Never use your password on suspicious third party sites (this is what I’m talking about)
2. Don’t be too specific
3. Don’t spit excessive personal information
4. Call the police, don’t tweet about it
5. Don’t tweet about moving servers, etc
6. Try to use oath whenever possible (this is something I recommend highly)
7. Choose a strong password ( I also recommend changing it on occasion)
8. Do use direct messages when appropriate
9. Having a private separate account for work.

Also, I came across another article titled “11 Useful Twitter Tools That Don’t Require Your Password“, which has some good tools listed there.

It’s seems like it’s a matter of time before Twitter hijackingor malicious abuse will run rampant. I’m hoping for the best, but trying to prepare for the worst.