One of the great things about social media is mashability. That is, many apps can talk to each other and offer synergistic features. I can log into Twitter and tell it to load all my email contacts and look for any of my associates whom I can follow on Twitter. I can post a comment on someone’s blog and have it tweet out my comment. There’s just one little thing you usually have to do when you cross app boundaries like this: you have to give one app the password to the other app. Maybe it’s because I’m a developer by trade, and I know what can happen behind the scenes, but it just doesn’t feel right. I remember the computer lab monitor from my school days: “Don’t give anyone else your password. Ever. For any reason. Or you’re banned from the computer lab.”
Of course I still do it. I like to share info among my various accounts. And for the most part, I have enough trust of well-known services like Twitter that I believe they will do the right thing with my off-site password — that is, use it once, don’t abuse it, and throw it away afterwards. But caveat utilitor. I can just see the future newsreel: “Facebook knock-off caches Gmail passwords, rogue mash-up developer makes off with users’ private info, racks up $8 fazillion in Amazon purchases.”
There is a better way.
Many social media apps already have extensive APIs. They should offer some info sharing via a “public key”. Here’s how it might work. I could go into Twitter or Gmail or Facebook or Plaxo, go to my account settings or personal profile or whatever, and create a… well, let’s call it a “token”. This token would grant the holder limited access to my account info for secure, mash-up-style transactions. Since it’s not an actual password, it need not grant total access. Other nice things about tokens are that you can set them to expire, you can generate more than one at a time, and there is a precedent for them in some of the Google APIs (AdWords, Search).
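To make the idea concrete, here is an added example (not code from the post or from any of the services named) of what such a token could look like on the issuing side: an HMAC-signed blob carrying the user, an explicit scope list and an expiry, with a per-token id so the user can revoke one mash-up’s token without touching the others. The signing key and the in-memory revocation set are constructed stand-ins for what a real service would keep server-side.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key (assumption): a real service keeps this secret server-side.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
# Ids of tokens the user has revoked from account settings (assumption: in-memory set).
REVOKED = set()


def _decode_body(body):
    return json.loads(base64.urlsafe_b64decode(body))


def issue_token(user, scopes, ttl_seconds, now=None):
    """Mint a scoped, expiring token the user can hand to a third-party app.
    Each token gets its own id, so several can exist side by side and be revoked singly."""
    now = time.time() if now is None else now
    payload = {"tid": secrets.token_hex(8), "sub": user,
               "scopes": sorted(scopes), "exp": int(now + ttl_seconds)}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def check_token(token, needed_scope, now=None):
    """Return the user if the token is genuine, unexpired, unrevoked and carries
    the requested scope; otherwise None. Never grants more than the token names."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None                      # malformed: not even body.signature
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None                      # forged or tampered with
    payload = _decode_body(body)
    if payload["exp"] <= now or payload["tid"] in REVOKED:
        return None                      # expired, or the user pulled this one
    if needed_scope not in payload["scopes"]:
        return None                      # limited access: scope not granted
    return payload["sub"]


def revoke(token):
    """User-side kill switch: revoke exactly this token, leaving siblings valid."""
    body, sig = token.split(".", 1)
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, sig):
        REVOKED.add(_decode_body(body)["tid"])
```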
Overall, this would return us to the philosophy of never sharing passwords. But app providers have to get on board. It must become a standard practice, because as a user, I want to control who sees my info, but I still want all my accounts to interface with each other.
