{"id":1135,"date":"2013-02-05T11:58:37","date_gmt":"2013-02-05T18:58:37","guid":{"rendered":"http:\/\/www.laurenwood.org\/anyway\/?p=1135"},"modified":"2013-02-05T11:58:37","modified_gmt":"2013-02-05T18:58:37","slug":"passwords-and-tokens","status":"publish","type":"post","link":"https:\/\/www.laurenwood.org\/anyway\/2013\/02\/passwords-and-tokens\/","title":{"rendered":"Passwords and Tokens"},"content":{"rendered":"<p>The latest Twit\u00adter pass\u00adword hack did affect me, but for\u00adtu\u00adnately I had already switched to the one pass\u00adword per site philo\u00adsophy. I store all my pass\u00adwords in <a href=\"https:\/\/www.linkesoft.com\/secret\/\">LinkeSoft\u2019s Secret!<\/a>, along with oth\u00ader inform\u00ada\u00adtion that I want to keep on my com\u00adputer and on my phone in an encryp\u00adted form. I just wish the Mac ver\u00adsion synced with Android.<\/p>\n<p>One bright spot in the issue was the fact that I did\u00adn\u2019t have to change any\u00adthing in all my apps that use my Twit\u00adter account, since they all have their own tokens, inde\u00adpend\u00adent of my Twit\u00adter pass\u00adword. <a href=\"http:\/\/oauth.net\/\">OAu\u00adth<\/a> is usu\u00adally said to be good since you can revoke access for any applic\u00ada\u00adtion at any time; this was the first time it became obvi\u00adous to me that the oth\u00ader advant\u00adage is that you can change your main pass\u00adword at any time without need\u00ading to update any oth\u00ader cli\u00adent. Can oth\u00ader applic\u00ada\u00adtions that have web access and smart\u00adphone app access please take&nbsp;note?<\/p>\n<p>OAu\u00adth is not neces\u00adsar\u00adily the easi\u00adest of pro\u00adto\u00adcols to under\u00adstand, or imple\u00adment, but these days there are lots of lib\u00adrar\u00adies out there that do imple\u00adment it. 
When I teach OAu\u00adth at the <a href=\"http:\/\/xmlsummerschool.com\/\"><span class=\"caps\">XML<\/span> Sum\u00admer School<\/a>, I always recom\u00admend people use exist\u00ading lib\u00adrar\u00adies if pos\u00adsible, to let oth\u00aders do the hard work of debug\u00adging all the little details. Anoth\u00ader thing I recom\u00admend is to get the O\u2019Reilly book <a href=\"http:\/\/shop.oreilly.com\/product\/0636920021810.do\">\u201cGet\u00adting Star\u00adted with OAu\u00adth 2.0\u201d<\/a> (full dis\u00adclos\u00adure: they sent me a review copy) to under\u00adstand the con\u00adcepts. You need to know about vari\u00adous types of tokens and cre\u00adden\u00adtials, and how they fit into the multi-layered authentication\/authorization pro\u00adtocol dance for the dif\u00adfer\u00adent use cases. Once you have a decent under\u00adstand\u00ading of the con\u00adcepts, then go and read the <a href=\"https:\/\/tools.ietf.org\/html\/rfc6749\">actu\u00adal spe\u00adcific\u00ada\u00adtion<\/a> for the details. The spe\u00adcific\u00ada\u00adtion has lots of inform\u00ada\u00adtion in it, but it\u2019s immensely easi\u00ader to under\u00adstand if you already know how the pieces fit togeth\u00ader, and that\u2019s where the O\u2019Reilly book is well worth reading.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The latest Twit\u00adter pass\u00adword hack did affect me, but for\u00adtu\u00adnately I had already switched to the one pass\u00adword per site philo\u00adsophy. I store all my pass\u00adwords in LinkeSoft\u2019s Secret!, along with oth\u00ader inform\u00ada\u00adtion that I want to keep on my com\u00adputer and on my phone in an encryp\u00adted form. 
I just wish the Mac ver\u00adsion \u2026 <a href=\"https:\/\/www.laurenwood.org\/anyway\/2013\/02\/passwords-and-tokens\/\" class=\"more-link\">Con\u00adtin\u00adue read\u00ading<span class=\"screen-reader-text\"> \u201cPass\u00adwords and Tokens\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[13],"tags":[],"class_list":["post-1135","post","type-post","status-publish","format-standard","hentry","category-identity"],"_links":{"self":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/comments?post=1135"}],"version-history":[{"count":5,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1135\/revisions"}],"predecessor-version":[{"id":1140,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/1135\/revisions\/1140"}],"wp:attachment":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/media?parent=1135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/categories?post=1135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/tags?post=1135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","temp
lated":true}]}}