Passwords Up for Grabs on Social Networks
I’m not a big fan of new Web 2.0 Social networks but I have participated in some new ventures. You won’t find me on MySpace, BeBo or other silly services. I am active on LinkedIn which is geared towards professionals and yes, I’m addicted to Twitter. I did join Facebook to write about their Beacon privacy problems and still participate now and then to see what my friends are doing. I don’t participate in any of the Facebook applications because like many services they always try to trick me into sending invites to my friends.
The services I really hate are the ones who try to get you to hand over your address book so they can spam your contacts with invites to join. In many cases, they just want you to give them access to your Email accounts so they can suck out your contacts and automatically populate your new friends list. While this might be convenient it can be very dangerous.
The most annoying is a service called Tagged.
It Gets Worse
Many sites will transmit your name and passwords as unsecured data. This makes your name and password visible to anyone along the Internet path.
When you’re entering or giving someone else access to your name and password you should first look to see if you’re on a page that is https:// or shows the locked symbol indicating a secure transmission of data. There’s also a method which can be used encrypt data called OAuth but it’s impossible to know which sites actually support this.
Recently, I joined BrightKite which allows me to integrate messages to Twitter. They tell me Twitter doesn’t support “OAuth” which means I sent my Twitter login information across the net unsecured. This is scary because there are a wide variety of tools which integrate with Twitter. None of them will encrypt your name/password when logging on to Twitter. So if you see me say something really stupid on Twitter, it might not be me.
I’m sure you don’t use the same password for different online sites ( cough cough) but in the case of social networks, it’s very important you create different passwords. Just like I periodically remind readers to review their backup procedures, and today is a good day to look at your current password scheme.