Richard Bucker

Logging in is hard to do

Posted at — Jul 1, 2011

Services like Twitter and Facebook have created APIs so that 3rd party developers can write applications that take advantage of their infrastructure, add features that are missing, and serve a host of other motives.

The one motive that we fail to remember when someone reports that Mark Zuckerberg gets a Google+ account is that it's all about marketing. I feel certain that long before the news about MZ was announced, his team had already performed a competitive analysis. The rest was just press from one side or the other.

Which brings me to my next observation… If you are a startup or a wanna-be startup, you might see yourself going to VCs for money. On the surface that makes some sense. However, social networking is all the rage, and organic growth is ok, but VCs want to see explosive organic growth… cough cancerous growth. So your first stop should be an advertising or marketing company. Not VC.

And sliding back into APIs, let's talk security. When you are in your favorite app and it asks for your Facebook credentials, hold off. You should NEVER enter your username and definitely not your password. Sometimes an application will launch a popup that looks like a login screen from whatever your remote system is (like Facebook), but STOP!!! and cancel the current operation.

First you should log into your service (Facebook or Twitter etc). Then go back to the application and repeat the operation. This time the application will not prompt you for your credentials. It will slide to the part where it asks for permission. And then it's going to display the types of permissions it wants.

The Facebook permissions are very scary, so read them carefully. One such permission allows the application to access your personal information any time it sees fit. This does not seem like a problem today; however, some day you may have some important info that is truly secret. I hope MZ is listening and builds a data vault into the system.