Twitterless No Longer Requires Twitter Passwords

Ever since Twitterless was first launched, the biggest failing was the requirement to store user’s Twitter account passwords.  The reason these passwords were required was because Twitter puts limits on the number of requests an IP address or Twitter account can make per hour.  Twitterless needs to make many more than 100 requests per hour to find dropped followers for people so the only way to get around this limitation was to make the requests using the authenticated account of the user it was currently checking.  In other words, the burden was distributed across many accounts.

The folks over at Twitter put these limits in check for a reason, most importantly to keep too many people who use the API from overloading the system (any more than it already is).  However, to help foster an active development commnity, Twitter will “whitelist” accounts for developers of Twitter-centric web applications they deem worthy.  I didn’t ask for Twitterless whitelisting status until recently because frankly I thought that the Twitter people may not accept an application that tells users when people stop following them.  As Twitterless grew in popularity, the number of grievances about password storing grew in kind, so I finally decided to request whitelist status despite the chance it may get rejected (or worse, blocked entirely).  

My fears were laid to rest last Friday when I discovered another service called Qwitter that also sends out notifications when followers drop people that actually had whitelisting status.  Not too long after that, whitelisting status was granted for Twitterless and the need for passwords was extinguished – yippee!  Existing users can go into their Twitterless accounts and change their password to something other than their Twitter password and rest easy that it has been erased.  

Now there are some drawbacks.  There are a few Twitterless features that still do require authentic Twitter passwords despite whitelist status, namely: address-bar-posting, auto-block, and auto-follow.  Because the number of people who actually take advantage of these features is very small so far, it isn’t a big deal, but for those of you who are using them you can still take advantage by leaving your actual Twitter password in the database.  The second drawback is that users with Twitter accounts that have been set to “private” will need to continue to supply their authentic Twitter password to Twitterless in order for the service to work for them because “private” also means “nobody, not even programs using the API, can access your information.”  If Twitterless can’t access your info it can’t find out who stops following you. 

So that’s the skinny.  Those of you who were worried about your passwords being stored by a service other than Twitter can now rest easy.  You can change that password in your settings and the new password will be what you use to access your Twitterless account from then on. Also, whitelisting will also allow me to implement some new an interesting features that wouldn’t have been possible without it, so stay tuned for those.  Thanks for trusting me with your passwords up to this point and helping test the application.

Advertisements

Tags: , , , , ,

4 Responses to “Twitterless No Longer Requires Twitter Passwords”

  1. ashfame Says:

    That is a good thing. Twitterless will now get more popular. Good luck!

  2. Todd Says:

    If twitterless no longer requires a password, how do we prevent other people from logging into our twitterless account and seeing our stats, changing preferences, etc.? I was able to log in to my twitterless page just by entering my Twitter username. This has me concerned.

  3. twitterless Says:

    It still requires a password. You remain logged into Twitter for 30 days unless you specifically log out, so when you typed your username in you were already authenticated. Had you not be, you would have been taken to your profile page but not have been logged in, whereupon you could have clicked the “log in” link on the top right corner of the profile page to enter your Twitter credentials.

    Passwords are still in use – they are randomly generated and sent to new users now.

  4. Todd Says:

    Thanks for the quick response, but I don’t appear to be able to “log out.” Do you mean log out of my twitter client, the twitter website or by clicking the “sign out” link at the top right of the twitterless website? I signed out of everything, cleared browser caches, etc and when I go to the twitterless web page and click “Engage” I am taken right to my profile page (which was private). I also tried this from another computer at a different location and had the same result. I can log in to twitterless with just a username.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: