As Elias points out in this post over at the DataPortability Project’s Blog, it’s time to fight the password anti-pattern!
Look at Twitter and their recent problems with hacked accounts and you know why. One way to do it would be to use OAuth, for example, which Twitter still does not implement although, AFAIK, they are one of the parties involved in creating that standard. Of course it will not solve all problems, but the fact is that the more you spread your password over all sorts of services, the more likely it is that somebody with bad intent will be able to use it!
Thankfully, Twitter made another commitment yesterday to embrace OAuth and start a closed beta OAuth program this month, which is great (and hopefully coming soon). I hope this will really happen, because they already talked about OAuth some time ago. Of course, many things have happened since then (like Twitter becoming successful) which shifted priorities, but nevertheless it’s time now to concentrate on better API authorization!
For now, I will refrain from using any additional Twitter services until OAuth is in place! And btw, where is the line between phishing and a bad site asking for your Twitter password for their service?