Twitter bids to boost third-party app security

Twitter has often been criticised for failing on security

Twitter is to support a new authentication system for people using third-party applications to read or send tweets, in a bid to boost the security and usability of the site.

The OAuth authentication method chosen by Twitter allows subscribers to use third-party applications without them storing passwords. The apps will still work if the user subsequently decides to change their password.

Carolyn Penner, a member of the Twitter comms team, explained in a blog post that there are two types of authentication that developers can deploy for their apps to access users' accounts: Basic Authentication and OAuth.

"Both require your permission, but there is an important difference. With Basic Auth, you provide your username and password for the app to access Twitter, and the application has to store and send this information over the internet each time you use the app," she said.

"With OAuth, this isn't the case. Instead, you approve an application to access Twitter, and the application doesn't store your password."

Apps such as TweetDeck, Twitterrific and Twitter for Android, iPhone and BlackBerry are already using OAuth, but users have been warned to switch to the latest versions of the apps.

Ironically, the corresponding OAuth update required by TweetDeck users to make them ultimately more secure has already been used by scammers to try and spread malware.