Comments on: Wary of giving your password to yet another site? – OAuth to the rescue http://www.90percentofeverything.com/2008/01/05/wary-of-giving-your-password-to-yet-another-site-oauth-to-the-rescue/ User Experience Design & Research, written by Harry Brignull Fri, 10 Feb 2012 12:50:52 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Hanfordhttp://www.90percentofeverything.com/2008/01/05/wary-of-giving-your-password-to-yet-another-site-oauth-to-the-rescue/comment-page-1/#comment-39456 Hanford Mon, 07 Jan 2008 10:03:17 +0000 http://www.90percentofeverything.com/2008/01/05/wary-of-giving-your-password-to-yet-another-site-oauth-to-the-rescue/#comment-39456 One thing you can do for sites like Facebook and other semi-trusted sites is change your password to something temporary, give them your password, let them do their thing, and then change it back. This is only safe if you don't think Facebook is going to do something dodgy while it's got your password. What changing your password does do is makes it so that if somehow Facebook's logs got hacked, and if the password you gave Facebook was somehow in those logs, then the hackers have a deadend password. I've never ever even clicked that button on Facebook for fear it will do something horrible like spam all my friends. One thing you can do for sites like Facebook and other semi-trusted sites is change your password to something temporary, give them your password, let them do their thing, and then change it back. This is only safe if you don’t think Facebook is going to do something dodgy while it’s got your password. What changing your password does do is makes it so that if somehow Facebook’s logs got hacked, and if the password you gave Facebook was somehow in those logs, then the hackers have a deadend password.

I’ve never ever even clicked that button on Facebook for fear it will do something horrible like spam all my friends.

]]> By: Anitahttp://www.90percentofeverything.com/2008/01/05/wary-of-giving-your-password-to-yet-another-site-oauth-to-the-rescue/comment-page-1/#comment-39449 Anita Mon, 07 Jan 2008 08:12:25 +0000 http://www.90percentofeverything.com/2008/01/05/wary-of-giving-your-password-to-yet-another-site-oauth-to-the-rescue/#comment-39449 This idea of being taken to another site to sign in sounds phishable. You could send them to a spoof site that looks and feels like the original, then get them to sign in. The user might do so because they are used to this happening, and because they falsely believe it is somehow safe because they are protected by oAuth. Just a thought. This idea of being taken to another site to sign in sounds phishable.

You could send them to a spoof site that looks and feels like the original, then get them to sign in. The user might do so because they are used to this happening, and because they falsely believe it is somehow safe because they are protected by oAuth.

Just a thought.

]]>