by psion_ 3385 days ago
Every now and then I end up helping someone I know out with their Twitter strategy or something on their PC. The number of full access 3rd party integrations people willingly sign up to and the number of browser plugins people happily add always shocks me.

Part of the problem is that getting your account hacked is such a widespread problem that people just accept it and there isn't much incentive for developers to invest heavily in preventing poor user decisions that exacerbate the situation.

Ideally developers of services like Twitter - and all those random SaaS apps you pipeline important business information to - should invest in:

* Better language about granting access rights up front. Chrome is always impressing me with their approach to language on HTTPS warning dialogs etc. Anyone allowing API access should spend lots of time crafting how they explain their token system to users.

* Requiring manual re-confirmation of access rights for integrations after a certain period of no use.

* Detecting unusual access patterns for integrations - usually this integration posts once per day per account, now it's posting continually.

Hopefully there are machine learning startup teams working on this. I'm sure at least some companies would care enough to send a log of 3rd party integration interactions to a machine learning startup and receive alerts of anomalous behaviour back.

(Yes, I know the irony of suggesting the answer to excessive 3rd party integration is a startup that provides anomaly detection as a service - but I doubt most small services offering integrations would be able to engineer a strong system like this...)
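
An added illustration of the second and third suggestions in the comment above (re-confirmation after a period of no use, and flagging an integration whose posting rate jumps); it is not part of the original comment or any service's real code. The thresholds, record layout, account names and log entries are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

IDLE_LIMIT = timedelta(days=90)  # assumed: re-confirm grants unused this long
BURST_FACTOR = 10                # assumed: alert at 10x the usual daily rate
MIN_BURST = 20                   # assumed: ignore small absolute counts

def review_grants(events, now):
    """events: (timestamp, account, integration) records of API posts.
    Returns {(account, integration): "reconfirm" | "burst" | "ok"}."""
    per_day = defaultdict(Counter)   # grant -> posts per calendar day
    last_seen = {}
    for ts, account, integration in events:
        grant = (account, integration)
        per_day[grant][ts.date()] += 1
        last_seen[grant] = max(ts, last_seen.get(grant, ts))
    verdicts = {}
    for grant, days in per_day.items():
        if now - last_seen[grant] > IDLE_LIMIT:
            verdicts[grant] = "reconfirm"   # idle grant: ask the user again
            continue
        today = days.get(now.date(), 0)
        history = [n for d, n in days.items() if d != now.date()]
        # Baseline is the median over days the integration was active.
        baseline = median(history) if history else 0
        if today >= MIN_BURST and today > BURST_FACTOR * max(baseline, 1):
            verdicts[grant] = "burst"       # e.g. 1/day suddenly posting nonstop
        else:
            verdicts[grant] = "ok"
    return verdicts

NOW = datetime(2024, 5, 1, 12, 0)

def sample_events(now=NOW):
    """Constructed sample log (made-up accounts and integrations)."""
    ev = [(now - timedelta(days=d), "alice", "scheduler") for d in range(1, 15)]
    ev += [(now - timedelta(seconds=30 * i), "alice", "scheduler") for i in range(200)]
    ev += [(now - timedelta(days=120), "bob", "analytics")]
    ev += [(now - timedelta(days=d), "carol", "crossposter") for d in range(10)]
    return ev

if __name__ == "__main__":
    for grant, verdict in sorted(review_grants(sample_events(), NOW).items()):
        print(grant, verdict)
```

A grant that never appears in the log is invisible to this check, so a service would drive the idle test from its own table of issued tokens rather than from activity records alone.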