
I have recently installed Tweetdeck, because my previous client stopped working.

In my custom client, and in the third-party client I used previously, I had to authorize the application in my Twitter account and then use the generated PIN to validate the client origin.

Now I have noticed that in Tweetdeck, I was only asked for my username and password for my account.

How can I verify that the executable is actually official from Twitter? And how can Tweetdeck access my Twitter account without my permission?

jnovacho

2 Answers


And how can Tweetdeck access my Twitter account without my permission?

You just gave Tweetdeck your "permission" by entering the username and password to your Twitter account...

I'm not very familiar with Twitter's API but it's definitely not as optimal as generating a PIN/token/whatever that limits access to one particular application in that it isn't as easy to revoke. However, I don't see any particular problems with it as long as you trust the application (and this doesn't change regardless of the authentication method.)

  • I was surprised that the username/password authentication was allowed. Because third party apps have to use the pin/token method, afaik. – jnovacho Mar 03 '14 at 12:33

Tweetdeck is an app which is run by Twitter. That is why it doesn't require OAuth - it's part of Twitter's service offering.

If you want to make sure it's legitimate, there are three things you can do.

  1. Set up Two-Factor Authentication (2FA). When you try to log in to Tweetdeck, Twitter will send your mobile phone an SMS containing a unique login code.
  2. Check that the website you're going to is linked directly from the official Twitter web page.
  3. Examine the SSL certificate on https://tweetdeck.twitter.com/ - does it belong to Twitter?
Terence Eden
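
Step 3 of the answer above (examining the certificate) can be scripted. This is an added example, not part of the original answer: `fetch_cert` connects with chain and hostname verification enabled, and `check_owner` inspects the returned certificate. The organization string "Twitter, Inc." and the `SAMPLE` certificate are constructed assumptions so the check runs offline.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Connect with chain and hostname verification on; return the peer cert dict."""
    ctx = ssl.create_default_context()  # system CA store, check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def _san_matches(host, pattern):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_owner(cert, host, expected_org):
    """Return (ok, reasons): is this certificate issued to expected_org for host?"""
    subject = _flatten(cert.get("subject", ()))
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    reasons = []
    if not any(_san_matches(host, p) for p in sans):
        reasons.append(f"{host} not covered by SAN list {sans}")
    org = subject.get("organizationName")
    if org is None:
        # Domain-validated certificates prove control of the name, not who owns it.
        reasons.append("no organizationName (domain-validated cert): owner not stated")
    elif org != expected_org:
        reasons.append(f"organizationName is {org!r}, expected {expected_org!r}")
    return (not reasons, reasons)

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("countryName", "US"),), (("organizationName", "Twitter, Inc."),),
                (("commonName", "tweetdeck.twitter.com"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA G1"),)),
    "subjectAltName": (("DNS", "tweetdeck.twitter.com"), ("DNS", "*.example.net")),
}

if __name__ == "__main__":
    print(check_owner(SAMPLE, "tweetdeck.twitter.com", "Twitter, Inc."))
```

Against a live host, pass the result of `fetch_cert(host)` to `check_owner`; a failed handshake there already means the chain or hostname did not verify.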