Comments on: It’s time to fight the password anti-pattern! http://mrtopf.de/blog/en/its-time-to-fight-the-password-anti-pattern/ Web2.0, Plone, Second Life, New Marketing, Data Portability Thu, 09 Sep 2010 13:44:43 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: Christian Scholz http://mrtopf.de/blog/en/its-time-to-fight-the-password-anti-pattern/comment-page-1/#comment-5174 Christian Scholz Wed, 07 Jan 2009 09:48:32 +0000 http://mrtopf.de/blog/?p=1074#comment-5174 Right, OAuth itself is not the answer and the recent attacks also had nothing to do with having OAuth or not (as I assume not all the celebs use too many external apps). Moreover if http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html is true, then they should have other things to do as well, like training their staff to use proper passwords. But of course without OAuth a Phishing scam is much easier to do because people are used to be asked for their twitter password. If they wouldn't be used to that (and now if course it's hard to get this out of people's heads) phishing should be at least a little bit harder. Moreover it would prevent from bad sites or tools collecting your password. What is also means is probably to educate users and IMHO all those websites out there could do a much better job at that. Right, OAuth itself is not the answer and the recent attacks also had nothing to do with having OAuth or not (as I assume not all the celebs use too many external apps). Moreover if http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html is true, then they should have other things to do as well, like training their staff to use proper passwords.

But of course without OAuth a Phishing scam is much easier to do because people are used to be asked for their twitter password. If they wouldn’t be used to that (and now if course it’s hard to get this out of people’s heads) phishing should be at least a little bit harder. Moreover it would prevent from bad sites or tools collecting your password.

What is also means is probably to educate users and IMHO all those websites out there could do a much better job at that.

]]> By: Steve Repetti http://mrtopf.de/blog/en/its-time-to-fight-the-password-anti-pattern/comment-page-1/#comment-5173 Steve Repetti Tue, 06 Jan 2009 22:44:45 +0000 http://mrtopf.de/blog/?p=1074#comment-5173 Great post, Christian! ...OAuth by itself is not the answer – but it is an important part of the solution. Ultimately the solution involves technologies such as OAuth and OpenID, but it also requires a mindset, commitment, and acceptance of responsibility in proactively keeping the rights of users always in the forefront... [<a href="http://webtechinsight.blogspot.com/2009/01/twitter-hacked-reactively-eyes.html" rel="nofollow">read the full response...</a>] Great post, Christian!

…OAuth by itself is not the answer – but it is an important part of the solution. Ultimately the solution involves technologies such as OAuth and OpenID, but it also requires a mindset, commitment, and acceptance of responsibility in proactively keeping the rights of users always in the forefront…

[read the full response...]

]]>