• Twitter adds support for app-based two-factor authentication

    Twitter adds support for app-based two-factor authentication

    Twitter is rolling out an update to its platform security that will allow users to employ third-part authentication apps to receive a two-factor login authentication for their Twitter account. Twitter has offered two-factor for a long while now, but it’s used the less secure SMS-based verification method excessively until now. The third-party app support means you can use tools like… Read More

  • Google Brings OAuth 2.0 Support To Gmail And Google Talk To Make Third-Party Apps More Secure

    Google Brings OAuth 2.0 Support To Gmail And Google Talk To Make Third-Party Apps More Secure

    Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism. Starting today, Google is taking its OAuth 2.0 support a step further by bringing it to IMAP/SMTP and XMPP, the protocols that allow third-party access to Google services like Gmail and Google Talk. Read More

  • WordPress.com Gains Support For OAuth2, Dedicated Developer Portal

    In a blog post on the WordPress.com blog, Automattic‘s Justin Shreve this morning acknowledged his employer’s aspirations to turn WordPress.com into more of a platform than a mere Web-based blogging software service. The company has added support for authentication protocol OAuth 2 to WordPress.com and is debuting a brand new developer portal. Read More

  • Facebook's Own (Smaller) "OAuthpocalypse": Devs Have 48 Hours To Secure Apps

    Facebook's Own (Smaller) "OAuthpocalypse": Devs Have 48 Hours To Secure Apps

    For a group of developers on Facebook’s platform, the clock is ticking. Last night and into today, Facebook has been sending out notices to developers they believe have apps in violation of their policy against sending authentication data to third parties. Those developers have 48 hours to fix their apps or they risk being “subject to one of the enforcement actions” —… Read More

  • Google Ready To Slurp Up More Yahoo Users With OpenID Sign-Ups

    Google just made it easier for people with Yahoo accounts to sign up for a Google account. With one click, you can now use your Yahoo credentials to sign up for a Google account such as Gmail, Google Docs, Google Reader, or even AdWords. The one-click sign-up is done using OpenID, which both Google and Yahoo support. It also uses the OAuth authentication method quickly becoming the… Read More

  • OAuthpocalypse Tomorrow: Twitter Ending Basic Auth Support At 8 AM PT

    A couple weeks ago, we noted the start of the “OAuthpocalypse” — that is, Twitter’s move to make all developers use OAuth rather than basic authentication for their third-party apps. Twitter expected some bumps as they were going to be continuously shutting stuff down and progressively limiting rates. That all ends tomorrow, as basic auth support will be officially… Read More

  • Gowalla Finally Releases Their Check-In API With Some Nice Tools And OAuth 2 Support

    Gowalla Finally Releases Their Check-In API With Some Nice Tools And OAuth 2 Support

    You could make an argument that one of the things holding back the growth of location-based service Gowalla was that there was no full API support. After all, rival Foursquare has had their full API rocking and rolling since last November. But after today, you won’t be able to make that argument anymore. Gowalla has just formally announced that their Check-In API is now available to… Read More

  • Twitter OAuth "Temporarily Disabled", Developers Left Hanging

    Twitter, you need to do a better job at communicating with the developer ecosystem that has been formed around your API for the past couple of years. At least, that’s the message the developers themselves seem to be sending out to the startup at an increasing rate. Jesse Stay from SocialToo wrote something about this earlier today on his blog, criticizing the startup over a change it made… Read More

  • Social Web Q&A with Google's Kevin Marks

    This guest post is written by Kevin Marks, Developer Advocate for OpenSocial at Google. Over the last 20 years he has alternated between giant companies and founding startups – BBC, The UK MultiMedia Corporation, Apple QuickTime, Technorati and now Google. He is one of the driving forces behind microformats.org and advisor to the Open Rights Group. He wants you to remember that URLs… Read More

  • OpenID + OAuth: Two Great Tastes That Taste Great Together

    Today, Google and Plaxo released a hybrid protocol that combines OpenID, the open online identity standard, with OAuth, the secure data portability standard. Too often, when a Website wants to import your contacts from another Web service, it asks for your login and pasowrd credentials. OAuth gets around that by sending you back to the original site where you login and authorize the… Read More

  • Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To

    After the recent outbreak of a worm that hacked user Facebook accounts and disseminated through users contacts, Facebook responded with a post with advice to users on general tips about web security. Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post with advice to Facebook users including: As a Facebook user you can help us protect you by doing… Read More

  • Screen Shots Of Upcoming MySpace Data Availability Widget for iGoogle

    MySpace and Google demonstrated an interesting mashup of the MySpace Data Availability API, oAuth and the iGoogle gadget specification at the oAuth Summit a couple of weeks ago. The application, which pulls the core MySpace feature set into iGoogle, is not yet publicly available, although MySpace has said to expect in in August. It’s another example of data portability in action (as well… Read More