When Twitter was recently hacked, I was among those who got an
email saying I was affected. So I changed my password.
But here’s what I’ve noticed: changing my password does not cause
any of the Twitter clients on my iPhone to ask me again for
authentication. They just keep working normally. […]
I understand that OAuth is a security win in some ways. But
implementors should, I think, be mindful of what normal people
expect — which is that changing your password locks out every app
until you re-authenticate.