The twitter screen name is less of a concern, yes John. But a Twitter
username can take an email address also, which isn't information otherwise
provided by the API and is personally identifiable and especially dangerous
when stored in conjunction with a password. A screen name, in context with
data we return to you falls under our rather liberal caching policies -- you
get the screen name along with the user id as a response to a valid access
token request.

Taylor Singletary
Developer Advocate, Twitter

On Tue, Apr 27, 2010 at 3:28 PM, John Meyer <> wrote:

> On the xAuth page you say "Storage of Twitter usernames and passwords is
> forbidden".  Now given that you don't want applications needlessly querying
> the system and you've encouraged caching of information that isn't likely to
> change overtime (such as a username, screenname, etc), would I be incorrect
> in presuming that you are more focused in not having the password stored
> than the username?

Reply via email to