Well said, Duane.
Thanks,
Doug

On Wed, Jul 29, 2009 at 7:18 AM, Duane Roelands <duane.roela...@gmail.com>wrote:

>
> First, let me state from the start that I am no fan of OAuth,
> Twitter's implementation of it, or the way that they've behaved with
> regard to it.  Now, with all that being said.
>
> If your website expects me to hand over my Twitter password, I'm not
> using your web site.  Just yesterday, another scam site (TwitViewer)
> managed to steal thousands of accounts, and convince other people to
> hand over their information because it was posting tweets from the
> stolen accounts.
>
> OAuth is not perfect, but it provides individual users and Twitter
> with a way to identify bad actors and lock them out of the ecosystem.
>
> OAuth works.  There are examples out there.  There are developers who
> are willing to help you.
>
> Implementing OAuth tells your customers that the security of their
> account is important to you, and shutting down Basic Auth trains your
> users to stop giving away their password.  If your product has value,
> and you clearly communicate what that value is, the users will use
> OAuth.
>
>
>
> On Jul 29, 9:10 am, Dewald Pretorius <dpr...@gmail.com> wrote:
> > It would not surprise me at all if using OAuth resulted in fewer
> > signups.
> >
> > Potential technical advantages of OAuth aside, every additional click
> > that you add in the conversion process adds an addition leakage point
> > where some users can and will abandon the signup process.
>

Reply via email to