Internet Marketing and Web Development in Higher Education and other tidbits…

Why now is a great time to do an OAuth audit

04 Jan 2012

written by Nick DeNardis

The beginning of the year is a great opportunity to start fresh and look at everything with a new set of eyes. Something that is easily overlooked is who (or what) has access to your social media accounts. It’s easy to change your password and revoke access from co-workers, but it isn’t as easy to identify which websites and services have access to your accounts.

What is OAuth?

OAuth (Open Authorization) is an open standard for authorization. It allows users to share their private resources (e.g., photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically username and password. – Wikipedia

How OAuth can be useful

For some, OAuth is a life saver, allowing you to share social media accounts across campus without having to give away the password. I know I am guilty of this with our Flickr account: we allow multiple departments to upload photos through their Uploadr tool. We just have to visit their computer, log in, and they are all set to use the account as if they knew the password. We can change the password at any time without disturbing their work.

How OAuth can be harmful

Increasingly, sites are using OAuth as their primary method of account creation. This is great for users since they only have to remember a single login, fill out one bio and upload one profile photo. But over time, without proper maintenance, the number of websites that have access to your accounts can reach into the hundreds. These services can often use your account as if they were you, reading all your content, sometimes even private messages, without your knowledge.

Twitter in the last year made some changes to protect direct messages by implementing a granular permissions model. But not all services use a permission model like this. It is important to read what data each service will access and how it will use it. Especially on your institution’s main accounts, it can be concerning if a service has free rein without your oversight.

Lastly, OAuth is independent of your password, so even if you change it, the services you have authorized will still have access to your account.

Time to audit who has access to your accounts

Below I go through the steps to view who (or which services) have access to your social media accounts for the more popular sites. Start the year out right and make sure only the services you trust have access to your data.

If you use a site that isn’t on my list, please feel free to add it in the comments.

Twitter

  1. http://twitter.com/
  2. Login
  3. Settings
  4. Applications

Facebook

  1. http://facebook.com/
  2. Login
  3. Account Settings
  4. App

Each of the applications on the list can read your account information in various forms. Click the “Edit” button to see what each app is using. In addition, there is a “Manage my pages” section which shows which pages that app also has access to. This is the important area for Facebook since most institutions use pages as their primary source of communication.

Tumblr

  1. http://tumblr.com/
  2. Login
  3. Preferences
  4. “Applications” at the bottom

Flickr

  1. http://flickr.com/
  2. Login
  3. Account
  4. Sharing & Extending

LinkedIn

  1. http://linkedin.com/
  2. Login
  3. Settings
  4. Groups, Companies & Applications
  5. View your Applications
  6. External Websites

YouTube

  1. http://youtube.com/
  2. Login
  3. Settings
  4. Authorized Sites
  5. Google Accounts, Connected Sites

Formspring

  1. http://formspring.me
  2. Login
  3. Settings
  4. Application List (looks like they removed it)

Monthly cleanup

The services that have access to your accounts are probably essential to your social media productivity. Don’t go removing all of them just because they could be accessing your data without your knowledge; most are probably legitimate. What you want to look out for are services that you don’t recognize or you know you won’t be using anymore.

It is a good practice to set up a recurring reminder each month to log in and audit your accounts.
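
One way to make the monthly review repeatable, as an added example that is not part of the original post: record what each site's applications page shows in a small inventory, then flag the grants worth a manual look. The app names, field names, permission labels and 90-day threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample inventory, copied by hand from each site's
# applications page. Field names and permission labels are hypothetical;
# "last_used" is the date your team last relied on the service.
INVENTORY = [
    {"site": "Twitter", "app": "TweetScheduler",
     "permissions": {"read", "write"}, "last_used": date(2011, 12, 20)},
    {"site": "Twitter", "app": "QuizOfTheDay",
     "permissions": {"read", "write", "direct_messages"},
     "last_used": date(2011, 3, 1)},
    {"site": "Facebook", "app": "CampusPhotoWall",
     "permissions": {"read", "manage_pages"}, "last_used": date(2011, 6, 15)},
    {"site": "Flickr", "app": "Flickr Uploadr",
     "permissions": {"read", "write"}, "last_used": date(2012, 1, 2)},
    {"site": "LinkedIn", "app": "ResumeImporter",
     "permissions": {"read"}, "last_used": date(2011, 12, 28)},
]

# Services the team has agreed it still relies on (assumption).
RECOGNIZED = {"TweetScheduler", "Flickr Uploadr", "CampusPhotoWall"}

# Permissions that let a service act as you or read private content.
SENSITIVE = {"write", "direct_messages", "manage_pages"}


def triage(inventory, recognized, today, max_idle_days=90):
    """Return (site, app, reasons) for every grant worth a manual look."""
    findings = []
    for grant in inventory:
        reasons = []
        if grant["app"] not in recognized:
            reasons.append("unrecognized")
        idle = (today - grant["last_used"]).days
        if idle > max_idle_days:
            reasons.append(f"unused for {idle} days")
        # Sensitive permissions raise priority, but only for grants that
        # are already questionable; trusted, active services are left alone.
        risky = sorted(grant["permissions"] & SENSITIVE)
        if risky and reasons:
            reasons.append("holds " + ", ".join(risky))
        if reasons:
            findings.append((grant["site"], grant["app"], reasons))
    # Grants with the most reasons come first.
    return sorted(findings, key=lambda f: -len(f[2]))


if __name__ == "__main__":
    for site, app, reasons in triage(INVENTORY, RECOGNIZED, date(2012, 1, 4)):
        print(f"{site}: {app} -> {'; '.join(reasons)}")
```

Anything the script flags still has to be revoked by hand on the site's applications page, following the steps above.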

The content of this post is licensed: ©2012 All Rights Reserved


About the author

Nick DeNardis

Nick is the Associate Director of Web Communications at Wayne State University by day. By night he hosts the video blog EDU Checkup where he reviews higher education web sites live. Nick is an active member of the higher education web community and is an officer of Refresh Detroit, a group of web professionals whose goal is to promote web standards, usability, and accessibility.


  • http://www.joomladesignservices.com/blog Best Blog On Joomla CMS

    “It is a good practice to setup a re-occurring reminder each month to log in and audit your accounts” I guess this is essentially important and I too make it a point to implement this.

    Nonetheless you have prepared an extensive resource to explain this issue. I am appreciative of the amount of information you have put in. Great Read!

  • Pingback: Connecting, Sharing and Curating | One Change a Day
