We know now that Mat Honan’s account compromise was due to bad policy at Apple for allowing account access, but this bit from Daniel Jalkut’s post about the situation holds true regardless:
One way to protect yourself is by declining to delegate authentication to third parties. When enrolling in a new service that offers Twitter or Facebook authentication, I usually go through the nuisance of creating a new account instead. That way I can choose a unique passphrase, and store that in my keychain. I prefer this to allowing numerous items to be implicitly added to my Twitter or Facebook “keychain.” Don’t put all your eggs in one basket, as they say. (Well, that’s what I’m doing with my keychain, but I am empowered to personally protect it and to back it up as I see fit.)
This is a strong argument against permitting multiple login “vectors” from social services to your web service. It’s a good idea to permit connecting to these services so your service can leverage things like contacts and posting access, but a bad idea to permit authentication from these services.
And you should never use the same password twice across services. The last.fm/LinkedIn password craziness should have taught everyone that.
There’s lots of talk going on early this week about Twitter and their intentions towards third-party clients. Will they permit them? Will Tweetbot still be around in six months? How am I going to connect with other people if Twitter goes the Facebook route and makes me use official clients that aren’t as nice as the third-party ones I have now?
I was going to write a bunch of words about this, but in the end it comes down to something very simple.
Your blog has always loved you. Open—or at least agreed-upon and widely used—standards are not going to magically grow walls and keep you or others out.
WordPress. RSS. Comments. Pingbacks.
Digging deeper: PHP. MySQL. Apache/Nginx. Linux.
These things don’t belong to someone else. They don’t belong to a company that needs to please its investors. They don’t have reasons to keep you out or to stop you from doing what you want.
They belong to you. You use them to make great things. You contribute to them and make not only your stuff, but other people’s stuff, better. You use them to read others’ content and to enter the discussion. If your blog hasn’t been the center of your digital presence, why not?
Your blog has always loved you.
There’s been so much discussion on Color that there are even posts talking about how much discussion there has been. Regardless of this, I am going to tell you what I think of it and why I think it’s a poor concept and why it won’t fly—at least with me. I’d love to be proven wrong (and I think Sequoia would love for me to be proven wrong as well, with a pre-launch $41 million round that’s the talk of the town), but let’s roll with this.