Loading Profile...
Asking for users' 3rd party service passwords
I was quite excited to sign up for Ping.fm when I first heard about it - it is definitely addressing a problem that needs a solution. But I was very disappointed when I went to setup my external services and ping.fm asked for my password to those services (twitter, friendfeed, etc.). This is such a bad idea that it has already been labeled a social-networking anti-pattern (http://microformats.org/wiki/social-n...).
I totally understand that this is not completely Ping.fm's fault - but I am afraid that I won't be setting up any of my external accounts using this approach.
Is there any work being done at Ping.fm for supporting OAuth?
Jeff
I totally understand that this is not completely Ping.fm's fault - but I am afraid that I won't be setting up any of my external accounts using this approach.
Is there any work being done at Ping.fm for supporting OAuth?
Jeff
I’m sad
Follow this discussion to get notifications on your dashboard.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Not all of the sites we support have OAuth support. We've looked into the trend of 3rd party connectivity and everyone follows the same trend on data portability. Until that changes, we have no real "norm" and have to go with what they provide.
I understand your concern, but do know that the data we have store is highly secured and only limited staff has database access, much less knowledge of how to get information.
We've gone through great measures ensuring our website's security.
It is ultimately your decision, but a shame you don't want to take part in our services.
Thanks for the comments!
Sean
I’m highly encrypted
-
Inappropriate?Thanks for the quick feedback Sean. As I mentioned in my original post, I completely understand that something like OAuth support is not a problem that Ping.fm can solve on it's own. Even if the solution is not OAuth, I know that sites like FriendFeed provide an API key that can be used instead of a user's password. At least this allows the user more control of external access to their account.
To be honest though, my concern is not just with Ping.fm's internal security, but it is also with the idea that it is OK to ask user's for their passwords. Jeff Atwood described the concerns much better than I can in a recent article (http://www.codinghorror.com/blog/arch...) - including issues like phishing and terms of service agreements.
Thanks for listening and I look forward to the day when I can use your services without providing any 3rd party passwords :)
I’m waiting
-
Inappropriate?I'll echo Jeff's request for OAuth support. I recognize hat OAuth is a chicken-meet-egg problem, but how do we get movement until the connecting apps (plaxo, ping.fm, etc) are willing to say "we need this" to the sites they're talking to?
I’m melancholy
-
Inappropriate?We're building intop the OAuth system for the few sites that support it (Plaxo, Brightkite, Myspace, Pownce, Zooomr). If they offer it, we plan to use it.
This conversion will more than likely affect the portability of some features, so let's hope everyone makes their API friendly. -
-
Inappropriate?I'm with Jeff. And want to RT Dan's comment too.
I'm not giving you my passwords. And DEFINITELY not for services provide alternatives like OAuth or the like (e.g. Twitter).
I’m not happy
EMPLOYEE
