Wary of giving your password to yet another site? – OAuth to the rescue

Note: This post might be a little dated. It was published in January 2008.

Woah there! You’ve found yourself on an old article. Take note of the date before reading.

I’ve just been doing a spot of reading about oAuth and thought I’d do a quick post on it. This was a hot topic back in October, so I seem to be rather late to the discussion – if you are too, read on…

“Giving your email account password to a social network site so they can look up your friends is the same thing as going to dinner and giving your atm card and pin code to the waiter when it’s time to pay. Any restaurant asking for your pin code will go out of business, but when it comes to the web, users put themselves at risk sharing the same private information. OAuth to the rescue.” [Excerpt from An end-user overview of oAuth by Eran Hammer-Lahav (Oct 2007)]

So, you might trust Facebook or Linked-in enough to give them your email username & password for their “friend finder” service, but would you trust absolutely anyone? Back in October, Shelfari (A social network site for books) got a lot of stick for doing something dodgy along these lines.

2 comments