Okay folks, we really blew it this week. How many times have we been told not to give out our passwords? How many times have you refused to give a tech support person your password? Yeah, lots, but this week I think we collectively blew it. Not just once, but twice!
First was SocialMinder, then it was Twitterank. Both spread like wildfire, working off what powers social media the most: us.
A friend passes something along, or you see a tweet with “My Twitterank is…” from a friend, well, of course it should be safe, right?
That is the simplest bit of social engineering and we fell for it.
As well, it should be a wake-up call for everyone to be a lot more careful about sharing your personal information. It should also be a reminder that changing your passwords on a regular basis and not using the same password for every online service are good digital habits.
More: Louis Gray has a post about Twitterank, and how he’s not too concerned about people hacking into his Twitter account.
Yes, Twitter needs to make some changes so we can have interesting things like Twitterank safely, but wow, we’ve got to think harder. I can’t count the number of times I’m asked for a password for one service by another to do something that I’d like.
Sure, most of the time this is cool, but it doesn’t take much to make it very uncool. Uncool that could become really, really bad.
Fine, lesson learned, but really there are legitimate reasons for this kind of thing and I don’t know an easy way for us to vet the good from the bad.
AIR apps, Facebook apps, all these things…I hope someone smarter than I has an idea on this because besides OAuth and OpenID I don’t know a solution.
Update: I was going to include this link to Alexander van Elsas’ post on the 5 dangers of social media.