Well said, Duane.

Thanks,
Doug

On Wed, Jul 29, 2009 at 7:18 AM, Duane Roelands <[email protected]> wrote:
>
> First, let me state from the start that I am no fan of OAuth,
> Twitter's implementation of it, or the way that they've behaved with
> regard to it. Now, with all that being said.
>
> If your website expects me to hand over my Twitter password, I'm not
> using your web site. Just yesterday, another scam site (TwitViewer)
> managed to steal thousands of accounts, and convince other people to
> hand over their information because it was posting tweets from the
> stolen accounts.
>
> OAuth is not perfect, but it provides individual users and Twitter
> with a way to identify bad actors and lock them out of the ecosystem.
>
> OAuth works. There are examples out there. There are developers who
> are willing to help you.
>
> Implementing OAuth tells your customers that the security of their
> account is important to you, and shutting down Basic Auth trains your
> users to stop giving away their password. If your product has value,
> and you clearly communicate what that value is, the users will use
> OAuth.
>
>
>
> On Jul 29, 9:10 am, Dewald Pretorius <[email protected]> wrote:
> > It would not surprise me at all if using OAuth resulted in fewer
> > signups.
> >
> > Potential technical advantages of OAuth aside, every additional click
> > that you add in the conversion process adds an additional leakage point
> > where some users can and will abandon the signup process.
>
