Do you use the same username and password across multiple web sites?
Then you’re not welcomed at Twitter!
That may sound like an exaggeration, but read this statement from Twitter, then you tell me if I’m exaggerating:
The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites. Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts. While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account. We strongly suggest that you use different passwords for each service you sign up for…
The front-end of this story is that Twitter is forcing many users to reset their passwords after it concluded that evil torrent sites were harvesting login credentials. Although, at least one person suggests that the issue goes beyond this.
Now, here’s the thing, BILLIONS of people use the same username and password across different sites. Just think about your parents–do you really think they could handle using a different login for each site that requests one? I think not.
Perhaps it’s time to rethink the “login.” Maybe Twitter et al could lead the way in developing a new system of authentication. One idea, ask users to provide their IP address and whitelist it. Any changes that appear to take place from a different IP–say the rapid increase of Twitter accounts followed–could be “rolled back” to a previous state–one that matches the whitelisted IP, perhaps?
I dunno. You tell me. Is there a better system for authenticating social networking users?