"yes, it asks for your user name and password and no, we won't do anything wrong with it"
But you'll store it, right? And that means if someone breaks into your database they've got my password for Twitter.
These sites that ask for a password are dangerous. Suppose Twitter does a really great job of salted hashing of passwords, so that it wouldn't matter if someone broke into the Twitter database.
Then along comes a third-party service that needs to integrate with Twitter and so asks for my password. All the good work done by Twitter on password security is gone.
But from the public's perspective there's no difference between the two. Both seem to need to know the password, but one creates a security risk and the other doesn't.
The only solution to this problem is that Twitter provide an authentication service for its users.
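The asymmetry described above, as an added example (not code from the original post or from Twitter): a service that keeps only a salted hash, next to a third party that must keep the password in a form it can replay. The class names, the PBKDF2 parameters and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor, for illustration only

class PrimaryService:
    """Stands in for the service that owns the account; keeps only salt + hash."""
    def __init__(self):
        self.db = {}  # username -> (salt, derived_key)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(password, salt))

    def login(self, user, password):
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(password, salt))

class ThirdPartyIntegration:
    """Stands in for a site that asks for the password so it can log in for you.
    It has to replay the password later, so it keeps it in recoverable form."""
    def __init__(self):
        self.db = {}  # username -> password

    def connect_account(self, user, password):
        self.db[user] = password

def usable_logins_from_dump(dump, service):
    """Defender's view of a breach: how many leaked records work as a login as-is?"""
    count = 0
    for user, record in dump.items():
        # A hash record is tried as its hex string; a stored password is tried directly.
        candidate = record if isinstance(record, str) else record[1].hex()
        if service.login(user, candidate):
            count += 1
    return count

def demo():
    primary, third_party = PrimaryService(), ThirdPartyIntegration()
    # Constructed sample account; the same password is handed to both parties.
    primary.register("alice", "correct horse battery staple")
    third_party.connect_account("alice", "correct horse battery staple")
    return (usable_logins_from_dump(primary.db, primary),
            usable_logins_from_dump(third_party.db, primary))

if __name__ == "__main__":
    print(demo())  # (0, 1)
```

The same password protects both databases, but only the third party's copy can be presented back to the primary service unchanged.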
Oh wait, they take password security so seriously that the login form which sends my Twitter username and password does so over HTTP and not HTTPS! Hooray, my password goes across the wire in plain text.
It's not advertised because mass use would take down their servers, but someone on HN pointed this out (even your tweets will be encrypted [at least until they are globally published]):