Twitter has migrated to OAuth for authentication, meaning third-party apps will no longer have to store and send user credentials over the Internet when the application is used.
Twitter has completed its move to OAuth for authentication for all
OAuth allows people to use applications without them storing their
passwords. In the past, Twitter officials explained
in a blog post
, developers have been able to choose between basic
authentication and OAuth to enable Twitter applications to access user
accounts. Both methods require the user's permission, but with basic authentication,
users must provide their password and username for the application to access
Twitter and the program has to store and send the data over the Internet each
time the application is used.
"With OAuth, you still individually approve each application before
using it, and you can revoke access at any time," according to Twitter. "To
see which applications you have authorized or to revoke access, just go to the
Connections section under Settings."
"One thing to note-to continue to use your favorite applications, you
should make sure you are running the latest version of the app," the
company continued. "Otherwise, you may soon find that it doesn't work
The plan to change from basic authentication to OAuth has been known
for several months, as Twitter announced in December it would migrate to OAuth
and stop supporting basic authentication. Attackers, however, appear to be
trying to capitalize on the change, and were observed today pushing a
fake TweetDeck via hacked Twitter accounts. The update is actually
"The bogus TweetDeck updates are taking advantage of some of the
confusion surrounding Twitter's switch to using only OAuth for third-party
applications," said Richard Wang, manager of SophosLabs US. "Users of
TweetDeck and any other tools should be wary of unverified and anonymous links
and only obtain updated software from the application's own download site."
The real version of TweetDeck is already using OAuth, as are applications
such as Seesmic, Twitterrific and Echofon.
To Wang, OAuth is key to the safe use of services like Twitter because it
keeps log-in and password details encrypted when accessing services using
"Without OAuth it would be very easy for anyone monitoring your network
traffic to steal your log-in and password details and take control of your
Twitter account," he said.