Twitter Applications and OAuth

Monday, 30 August 2010

If you are like most Twitter users, you have used a third-party Twitter application to read or send Tweets. As of August 31, Twitter applications will all use OAuth, an authentication method that lets you use apps without them storing your password.

What does this mean for me?
The move to OAuth will mean increased security and a better experience. Applications won’t store your username and password, and if you change your password, applications will continue to work.

With OAuth, you still individually approve each application before using it, and you can revoke access at any time. To see which applications you have authorized or to revoke access, just go to the Connections section under Settings.

One thing to note: to continue to use your favorite applications, you should make sure you are running the latest version of the app. Otherwise, you may soon find that it doesn’t work anymore.

Tell me more about OAuth
In order for Twitter applications to access your account, developers have been able to choose one of two authentication methods: Basic Authentication or OAuth. Both require your permission, but there is an important difference. With Basic Auth, you provide your username and password for the app to access Twitter, and the application has to store and send this information over the Internet each time you use the app. With OAuth, this isn’t the case. Instead, you approve an application to access Twitter, and the application doesn’t store your password.

Fortunately, developers have known about our transition to OAuth since last December, so they’ve had time to update their apps. And many apps, including Echofon, TweetDeck, Twitterrific, Seesmic, and Twitter for Android, iPhone, and BlackBerry, are already using OAuth. We appreciate the work and time that developers have invested in this update in order to keep you safe.