In my preparation for the move to Mac realm I looked at Plaxo as a potential vehicle of migrating my contacts from Outlook. Registration being complete, Plaxo promptly asked me to provide my Gmail password so that it could get to my address book, presumably. That was the end of the evaluation.
Asking for login credentials for a third-party service is plain bad. Whatever you say about not storing the password on your servers etcetera - I don't care about it. And when I see http in the address bar for a page that's about to collect my login information it just raises my eyebrows. Right, my password is about to travel the Internet in clear text.
For those starting a web 2 aggregator service - use OAuth. Please.
0 comments:
Post a Comment