Simon Willison's Weblog: passwordantipattern

Antipatterns for sale

2009-01-02T10:48:17+00:00

Twply collected over 800 Twitter usernames and passwords (OAuth can’t arrive soon enough) and was promptly auctioned off on SitePoint to the highest bidder.

Tags: jeremy-keith, oauth, passwordantipattern, passwords, security, sitepoint, twitter

Now You Can Sign Into Friend Connect Sites With Your Twitter ID

2008-12-15T17:20:08+00:00

Now You Can Sign Into Friend Connect Sites With Your Twitter ID

Great. Now even Google is asking me for my Twitter password. Slow clap. How’s that Twitter OAuth beta coming along?

Tags: google, oauth, passwordantipattern, security, twitter

Google wants your Hotmail, Yahoo and AOL contacts

2008-09-15T10:39:47+00:00

Google wants your Hotmail, Yahoo and AOL contacts

And they’re using the password anti-pattern to get them! Despite both Yahoo! and Hotmail (and Google themselves; not sure about AOL) offering a safe, OAuth-style API for retrieving contacts without asking for a password. This HAS to be a communications failure somewhere within Google. Big internet companies stand to lose the most from widespread abuse of the anti-pattern, because they’re the ones most likely to be targetted by phishers. Shameful.

Tags: aol, ffs, google, hotmail, oauth, passwordantipattern, phishing, security, shameful, yahoo

Quoting Me

2008-08-13T12:52:30+00:00

The statement that the password anti-pattern "teaches users to be phished" should be rephrased "has taught users to be phished"

— Me, on Twitter

Tags: passwordantipattern, phishing, security, twitter

Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To

2008-08-09T10:18:28+00:00

Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To

Nice to see TechCrunch highlighting the hypocrisy of Facebook advising their users to never enter their Facebook credentials on another site, then asking them for their webmail provider password so they can scrape their address book.

Tags: facebook, hypocrisy, passwordantipattern, passwords, security, techcrunch

Yahoo! Address Book API Delivered

2008-06-04T18:03:46+00:00

Yahoo! Address Book API Delivered

At last, now there’s no excuse to ask your users for their Yahoo! username and password just so you can scrape their address book.

Tags: passwordantipattern, phishing, security, yahoo

Find Your Friends

2008-04-01T01:01:38+00:00

Find Your Friends

Flickr have added a characteristically classy friend import feature, pulling from Gmail, Yahoo! and Hotmail address books without any unhygienic password sharing. It’s a crying shame that the Yahoo! contacts API they are using isn’t available outside the company.

Tags: flickr, gmail, hotmail, passwordantipattern, portablesocialnetworks, yahoo