By John Gruber
Jiiiii — Free to download, unlock your anime-watching-superpowers today!
Brent Simmons:
When Twitter was recently hacked, I was among those who got an email saying I was affected. So I changed my password.
But here’s what I’ve noticed: changing my password does not cause any of the Twitter clients on my iPhone to ask me again for authentication. They just keep working normally. […]
I understand that OAuth is a security win in some ways. But implementors should, I think, be mindful of what normal people expect — which is that changing your password locks out every app until you re-authenticate.
★ Tuesday, 19 February 2013