This is a short rant prompted by another student’s observation that Yelp actually asks for your Gmail password as part of their signup process…
Have you encountered a website that asks for the username and password to your e-mail provider? I’m talking about this:
LinkedIn asking for my Gmail password
Yelp asking for my Gmail password
This really needs to stop and people need to start using the Gmail Contacts Data API.
I think it’s kind of needless to say that not only is this unsafe, but it helps users become victims of phishing at some point in the future. Socializing users into giving away their passwords to arbitrary 3rd parties is not OK.
So, thanks Facebook, LinkedIn, Yelp, and others for continuing to make the Internet just that much more dangerous; now start using the Contacts API.
If you know of any other websites that still ask for your Gmail password, list them in the comments!
UPDATE: This exact same issue was highlighted in Coding Horror 2 months after my post went up.
I’ve seen one site ask me for my gmail password, but I can’t remember which one it was.
What bothers me more are financial institutions that do the same thing. Bank of America offers a service called “My Portfolio” that allows users to give BofA the credentials to all of their online financial service accounts so that BofA can go out and screen scrape them. In addition to usernames/passwords, BofA also asks for security questions/answers for certain sites that require them (like ING Direct).
http://www.spokeo.com
twitter. sigh.