Authentication Twitter Plugin
Version
1.1 (last update on Feb 26, 2012)
Rating
Compatibility
Reviews
4
License
GPLv2 or later
Non-Commercial
Type
Date Added
12 May 2011
The plugin is very simple and doesn't need addictional form or buttons, cause it works behind the normal authentication.
The installation procedure is standard, then upload the zip file, enable the plugin and try to login with your Twitter credentials.
Optional: you can add an icon in the login form, so the user will knows that he can use twitter credentials to register himself in your website.
This extension is great, it does exactly what the description says.
it could be great If there was a way to disable success message though.
it could be great If there was a way to disable success message though.
This plugin works as is supposed to be, Im really sorry that people does not understand that. This is not unsafe, the passwords are managed by Twitter not by the website. Giving this extension a bad rating based in security concerns is just ignorant and from people that does not understand what this plugin is doing.
While the extension is very convenient, it relies on a practice that should be avoided: asking for the password from another site.
As a user, you should only provide your facebook credentials to facebook, or your twitter credentials to twitter. This extension encourages users to submit their twitter credentials to the site where the extension is installed. The extension handles them properly and sends them to twitter using https... but the user cannot know that.
Note please that I'm not saying that this is a malicious extension: it is not. I'm only saying that, as a user, you shouldn't be using any site that uses this mechanism because your password can be stolen.
As a user, you should only provide your facebook credentials to facebook, or your twitter credentials to twitter. This extension encourages users to submit their twitter credentials to the site where the extension is installed. The extension handles them properly and sends them to twitter using https... but the user cannot know that.
Note please that I'm not saying that this is a malicious extension: it is not. I'm only saying that, as a user, you shouldn't be using any site that uses this mechanism because your password can be stolen.
