Never Ask For Passwords

Tue 25 October 2011

Once again, it's demonstrated that sitting around a table drafting policy fails the common sense test. The Chronicle of Higher Education reports that Sam Houston State University decided to ask all members of their social media portal for usernames and passwords. Their published policy still does. My favorite part:

Do not change any passwords issued with the accounts. If there is a problem or compromise of the accounts security, contact the Marketing and Communications Social Media Representatives. They will issue you a new password. Do not share login and password information with unauthorized individuals.

Most social media sites support OAuth, which allows apps to read and write to your feed without sharing an underlying username/password. Moreover, if all you're doing is mere aggregation, there's no need to ask for this information. You automate censors, you implement a blacklist, and you move on. There's no need to edit posts directly, and there's no need to spam thunderstorm warnings on every Twitter feed you can find.
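To make the alternative concrete, here is an added sketch (not from the original post, and not any real site's API) of a portal that aggregates feeds through scoped, revocable tokens and filters them against a blacklist. The `Provider` class, the `read`/`write` scope names and the method names are assumptions made for illustration.

```python
import re
import secrets

class Provider:
    """Constructed stand-in for a site's OAuth-style grant store (hypothetical API)."""
    def __init__(self):
        self._grants = {}  # token -> (account, scopes); no password is stored or shared
        self._posts = {}   # account -> list of post texts

    def post_as_owner(self, account, text):
        self._posts.setdefault(account, []).append(text)

    def grant(self, account, scopes):
        # The owner approves the app at the site; the app receives only this token.
        token = secrets.token_urlsafe(32)
        self._grants[token] = (account, frozenset(scopes))
        return token

    def revoke(self, token):
        self._grants.pop(token, None)  # owner cuts the app off; the password is untouched

    def _account_for(self, token, scope):
        account, scopes = self._grants.get(token, (None, frozenset()))
        if scope not in scopes:
            raise PermissionError(f"token not valid for scope {scope!r}")
        return account

    def read_feed(self, token):
        return list(self._posts.get(self._account_for(token, "read"), []))

    def write_post(self, token, text):
        self._posts.setdefault(self._account_for(token, "write"), []).append(text)

def aggregate(provider, tokens, blacklist):
    """Merge the feeds the portal may read, dropping posts that contain a blacklisted word."""
    banned = {w.casefold() for w in blacklist}
    shown = []
    for token in tokens:
        try:
            posts = provider.read_feed(token)
        except PermissionError:
            continue  # grant revoked or never given: skip this account
        for text in posts:
            words = set(re.findall(r"[\w']+", text.casefold()))
            if words.isdisjoint(banned):
                shown.append(text)
    return shown
```

A portal holding only `read` tokens can display and filter posts but cannot edit them, and each account owner can revoke the portal's access on their own.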

