We’ve had a number of users ask us about the ability to automatically tweet the lists they vote on. Today we’ve activated this function in MakeFive, but it’s taken us a while to get here.
Our hold-up in getting this started is largely a result of us waiting for a secure authentication method to be adopted by Twitter before integrating with our user accounts. For some of you, this probably doesn’t mean much. I’ll explain.
Lately, there has been a lot of unfavorable publicity regarding security breaches of Twitter accounts. Actually, given the apparent disregard with which many users treat their account info, I’m a little surprised there haven’t been more large-scale exploits. I’ve been guilty of this as well; barely pausing to think before providing my password to any cool new utility that claims it will perform miracles by filtering, sorting or auto-following, etc.
Your average user likely thinks, “So what’s the big deal? I’ll just change my password if someone starts impersonating me.” Problem is: most of us are lazy. If you’re like me, thinking up and remembering a different password for every site is just too much work. My bet is that most people rely on a very small set of passwords for all of the services they use. It’s unlikely that people are going to stop doing this, so developers like us have to be sure that those passwords don’t fall into the wrong hands.
This is where Twitter has received much criticism. In order for any third party tool to work with Twitter, you need to disclose your username and password. (Yikes!) Subsequently, when that service interacts with your Twitter account, it must send your (unencrypted) username and password via the Twitter API. This is not a good thing.
Thankfully, this should become a thing of the past within the next short while. Twitter has been working on the integration OAuth (a secure method of connecting accounts) and has just made it available to all developers. As a result, instead of asking users for their Twitter login info, we can now simply direct them to a special page on Twitter that takes care of the user authentication for us. When completed successfully, we receive a token that allows our site to interact with the user’s Twitter account. And if the user decides they don’t like us any more, all they need to do is revoke our permission from within their Twitter profile. (Previously, the only way to deny access once you’ve allowed third-party access to your profile is to change your Twitter password.)
I’m sure you’ll agree that this is a big step in the right direction. Twitter still needs to implement further checks such as an optional whitelist of servers that can make API calls using its designated app key.
That my (pretty quick) rundown of Twitter and OAuth on MakeFive. I think we’ve managed to make it a pretty seamless process. Now, go and vote on a couple of lists to try it out. :-) www.makefive.com