OK, this has been on my mind for a while now. What I'm about to say isn't
going to be popular with some people - but I've got to say it, anyway!
Andy Beard recently posted on his blog about the spate of new tools and
"viral" scripts that require your Twitter (or Gmail) password in order to
He is seriously concerned about the security risks - and quite frankly, so
Now, please understand... my problem IS NOT so much with the scripts
themselves. Most of them claim NOT to store the password provided by
the visitor, and I have no doubt those claims are true.
Here are my problems with them... Let me paint you a picture:
Jo is a scammer. He sets up a perfectly legitimate-looking site, offering
internet marketers a load of bonus products for free, in exchange for their
Twitter username and password.
He provides a form, using a recognizable viral Twitter tool, and you type
in your details, because you trust the tool.
Unfortunately for you, Jo is NOT really using the actual tool, but simply a
form which LOOKS LIKE IT.
You have just given Jo the scammer your Twitter password. Oops. 10 days
later (when you've likely forgotten which site(s) you've used to collect all
kinds of cool bonuses)... your Twitter account is suddenly hijacked.
You don't know why. But Jo does.
You gave him the keys.
That is my problem.
If Jo hacks into your account, aren't you at least partly to blame because
you gave him your password?
As people become more accustomed to doing this (i.e. giving out their
Twitter password), surely they're increasing the chances they will bump
into an unscrupulous person like Jo on the Internet.
Of course, that means you should only give it out to sites that you trust.
The problem there is, many people don't follow this - they give it out to all
kinds of sites because they want the bonus or convenience being offered.
That is why, personally speaking, I will almost never give my Twitter
password out to ANY site. If I HAVE TO, I will temporarily change my
password first, and change it back again when I've finished.
In fact, I am in the middle of writing a viral tool for Twitter that does NOT
require anybody's password - partly because I'm a capitalistic Warrior, but
partly because I'm getting pretty worried by the growing trend for scripts
and forms that ask for passwords...
... quite frankly, it's got to stop! (In my humble opinion, of course.)
So how do you feel about this issue?
As I said at the outset, I don't think this is going to be a popular
viewpoint, because an increasing number of marketers are using such
scripts and plug-ins.
I have no doubt the people using them are honest. BUT... could this
increasing number of people be conditioning the market to do something
they shouldn't be doing, i.e. giving out passwords to their accounts?