Apparently now that Twitter is using OAuth, I can change the password to my Twitter account and the apps retain access. That’s pretty alarming! Is there some way to at least know which applications have this level of access to my Twitter account?
There are a lot of cool things about the change to OAuth, most notably that third-party apps no longer have any reason to store your Twitter account credentials, which is a huge boon. On the other hand, you’re exactly right about the implication: each app you approve holds its own access token rather than your password, so simply changing your password is not enough. You need to actively revoke an application’s access to your Twitter account.
Kinda freaky, really, if you’re used to your login and password being the ultimate credential for gaining access to your account. Brave new world, and all that!
Twitter makes it reasonably easy to see what apps you’ve enabled, so let me show you how to check your own account and how to disable any app you don’t think should have access to your account.
The first step is to click on “Settings” on the top right:
Now click on “Connections”…
Finally, we’ve reached the page that lists the Twitter apps you have approved to access your account via OAuth:
Quite a list, and that’s not all of them. My reaction: “What the deuce?!” I can’t possibly need to have so many applications authorized to access my Twitter account!
To demonstrate how to prevent an app from accessing my Twitter account, I’ll click “Revoke Access” for the Boxee app, since I’m not using it anyway:
That’s how you see which apps have access to your account. Now the question is: which ones really need to have access? My suggestion: err on the side of revoking access to any app you don’t understand or approve of. You can always re-authorize them if you find that something’s not working right any more!
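The behaviour described above, as an added example that is not part of the original post or Twitter's own code: a small Python model of an OAuth-style service in which the password and each approved app's token are separate credentials, so a password change leaves app access intact until the grant is revoked. The `Account` class, its method names and the sample passwords are hypothetical.

```python
import hashlib
import hmac
import secrets


class Account:
    """Toy model (hypothetical, not Twitter's code): password and app grants are separate."""

    def __init__(self, password):
        self._grants = {}  # app name -> SHA-256 digest of its access token
        self.change_password(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def change_password(self, new_password):
        # Only the password verifier is replaced; app grants are not touched.
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(new_password)

    def login(self, password):
        return hmac.compare_digest(self._hash(password), self._pw_hash)

    def authorize_app(self, app, password):
        # The user approves the app once; it receives a token, never the password.
        if not self.login(password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._grants[app] = hashlib.sha256(token.encode()).digest()
        return token

    def token_valid(self, app, token):
        digest = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(self._grants.get(app, b""), digest)

    def connections(self):  # what the "Connections" page lists
        return sorted(self._grants)

    def revoke(self, app):  # what "Revoke Access" does
        self._grants.pop(app, None)


def demo():
    acct = Account("old-password")  # constructed sample values
    token = acct.authorize_app("Boxee", "old-password")
    acct.change_password("new-password")
    after_change = acct.token_valid("Boxee", token)  # password changed, token untouched
    acct.revoke("Boxee")
    return after_change, acct.token_valid("Boxee", token), acct.connections()
```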