I understand the reasoning behind OAuth, and think it's a step in the right
direction, but does Twitter have plans to improve and move to a better Auth
system than OAuth? With Facebook Connect I just have to click once, and if
the user is already logged in and approved my app, they never see the
Facebook login box again. Whereas with Twitter there are 3 points of
potential failure every single time the user logs in. It's a UX nightmare,
IMO. While it does solve a problem, I don't think OAuth is the end or ideal
solution. Are there plans to improve this process?

On Wed, Jul 29, 2009 at 1:05 PM, Doug Williams <d...@twitter.com> wrote:
> Well said, Duane.
> On Wed, Jul 29, 2009 at 7:18 AM, Duane Roelands
>> First, let me state from the start that I am no fan of OAuth,
>> Twitter's implementation of it, or the way that they've behaved with
>> regard to it. Now, with all that being said.
>> If your website expects me to hand over my Twitter password, I'm not
>> using your web site. Just yesterday, another scam site (TwitViewer)
>> managed to steal thousands of accounts, and convince other people to
>> hand over their information because it was posting tweets from the
>> stolen accounts.
>> OAuth is not perfect, but it provides individual users and Twitter
>> with a way to identify bad actors and lock them out of the ecosystem.
>> OAuth works. There are examples out there. There are developers who
>> are willing to help you.
>> Implementing OAuth tells your customers that the security of their
>> account is important to you, and shutting down Basic Auth trains your
>> users to stop giving away their password. If your product has value,
>> and you clearly communicate what that value is, the users will use
>> On Jul 29, 9:10 am, Dewald Pretorius <dpr...@gmail.com> wrote:
>> > It would not surprise me at all if using OAuth resulted in fewer
>> > signups.
>> > Potential technical advantages of OAuth aside, every additional click
>> > that you add in the conversion process adds an additional leakage point
>> > where some users can and will abandon the signup process.