Bad and Good News on the “just give me your password” front

I’ve written about how it’s a really bad idea to have web sites asking for your gmail password, “just to load your contacts!” I like the name Jeremy Keith gave it: the Password Anti-Pattern. Sure, Facebook likely isn’t going to do naughty things with your data, but once you’re used to giving sites your gmail password, then you might fall for this:

I was looking for a way to back up my gmail account to a local drive. I’ve accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I’ll give it a try.

[…]

then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box!

Ouch. Big Ouch.

Meanwhile, there’s good news: Google now provides a more open, and thus more secure, API to your contacts. In the near future, Facebook will be able to request authorization to your Google contacts, rather than ask for your gmail password. You’ll only have to enter your gmail password at the Gmail web site.
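To make the difference concrete, here is a toy model added as an illustration (it is not Google's API or code from this post). The `Provider` class, its method names, and the sample account are hypothetical, and the scope and revocation behaviour shown are assumptions about how delegated authorization typically works.

```python
import secrets

class Provider:
    """Toy stand-in for the mail provider (hypothetical, not Google's API)."""
    def __init__(self, user, password, data):
        self._user, self._password, self._data = user, password, data
        self._grants = {}  # token -> the one scope the user approved

    def _check(self, user, password):
        same = secrets.compare_digest(password.encode(), self._password.encode())
        if user != self._user or not same:
            raise PermissionError("bad credentials")

    def grant(self, user, password, scope):
        # Happens on the provider's own site; the third party never sees the password.
        self._check(user, password)
        token = secrets.token_urlsafe(32)
        self._grants[token] = scope
        return token

    def revoke(self, token):
        self._grants.pop(token, None)

    def api_get(self, token, resource):
        # A token is honoured only for the single scope it was issued for.
        if self._grants.get(token) != resource:
            raise PermissionError(f"token not valid for {resource!r}")
        return self._data[resource]

    def password_get(self, user, password, resource):
        # The anti-pattern: whoever holds the password can read every resource.
        self._check(user, password)
        return self._data[resource]

def attempt(call):
    try:
        return call()
    except PermissionError:
        return "denied"

def demo():
    # Constructed sample account and data.
    p = Provider("alice", "s3cret", {"contacts": ["bob@example.org"], "mail": ["tax return"]})
    token = p.grant("alice", "s3cret", scope="contacts")
    out = {"token_contacts": attempt(lambda: p.api_get(token, "contacts")),
           "token_mail": attempt(lambda: p.api_get(token, "mail")),
           "password_mail": attempt(lambda: p.password_get("alice", "s3cret", "mail"))}
    p.revoke(token)
    out["token_after_revoke"] = attempt(lambda: p.api_get(token, "contacts"))
    return out
```

A site holding the token can read contacts only, and loses even that once the user revokes it; a site holding the password keeps full access until the password itself is changed.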

I suspect Yahoo will follow shortly. But Facebook? Probably not yet. They thrive on locking down your social network at Facebook. But I suspect in the long run, they’ll feel significant pressure to become more open.



Comments

3 responses to “Bad and Good News on the “just give me your password” front”

  1. […] This kind of borderline spam request is questionable in the best of circumstances, but Ben Adida points out a frightening story in which one of these sites was emailing the username and password of every […]

