First, let me state from the start that I am no fan of OAuth,
Twitter's implementation of it, or the way that they've behaved with
regard to it. Now, with all that being said.

If your website expects me to hand over my Twitter password, I'm not
using your web site. Just yesterday, another scam site (TwitViewer)
managed to steal thousands of accounts, and convince other people to
hand over their information because it was posting tweets from the

OAuth is not perfect, but it provides individual users and Twitter
with a way to identify bad actors and lock them out of the ecosystem.
OAuth works. There are examples out there. There are developers who
are willing to help you.

Implementing OAuth tells your customers that the security of their
account is important to you, and shutting down Basic Auth trains your
users to stop giving away their password. If your product has value,
and you clearly communicate what that value is, the users will use

On Jul 29, 9:10 am, Dewald Pretorius <dpr...@gmail.com> wrote:
> It would not surprise me at all if using OAuth resulted in fewer
>
> Potential technical advantages of OAuth aside, every additional click
> that you add in the conversion process adds an additional leakage point
> where some users can and will abandon the signup process.