Would OAuth have prevented the latest attack on Twitter?

The now-famous attack on celebrities' Twitter accounts, among them those of Barack Obama and Britney Spears, is being discussed all over the Internet, and as always everybody knows better. One idea is to ask Twitter to implement the OAuth stack.

While I'm a huge fan of OAuth, and think it's a good idea to (finally) add it to Twitter, because handing my Twitter password to every third-party service feels very unsafe, we have to recognise that the lack of OAuth has nothing to do with this latest, most publicized attack on them.

Well, first of all, what is it that OAuth does? As oauth.net puts it:

Every day, new websites offer services which tie together functionality from other sites. A photo lab printing your online photos, a social network using your address book to look for friends, and APIs to build your own desktop application version of a popular site. These are all great services – what is not so great about some of the implementations available today is their request for your username and password to the other site. When you agree to share your secret credentials, not only do you expose your password to someone else (yes, that same password you also use for online banking), you also give them full access to do as they wish. They can do anything they want – even change your password and lock you out.
So how would that help Twitter? It would certainly have prevented the dozens of scam sites that were set up with some bogus service just to get hold of your credentials, because that is exactly the problem OAuth is scoped to solve: the third party gets a token it can use on your behalf, and which can be revoked, instead of your password. On the other hand, it would not have helped against phishing that duplicates the Twitter site itself (because you'd still be typing your credentials into the fake sign-in page), and it would have been even less help in the latest attack, because, in Twitter's own words:
The issue with these 33 accounts is different from the phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure.
So while OAuth is certainly a good idea, it is not the solution to all of Twitter's security problems.
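To make concrete what OAuth takes out of the picture, here is an added example that is not part of the original post and not Twitter's code: a minimal OAuth 1.0a (RFC 5849) HMAC-SHA1 signing and verification round trip in Python. The host twitter.example, the consumer key/secret, the access token/secret, the nonce and the timestamp are all constructed placeholders; the endpoint path is only modelled on the Twitter REST API of the time.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

# Constructed placeholder credentials (assumption): the key/secret an app gets
# when it registers with the site, and the token/secret a user is issued when
# approving that app. Note that the user's password appears nowhere below.
CONSUMER_KEY, CONSUMER_SECRET = "app-key", "app-secret"
ACCESS_TOKEN, TOKEN_SECRET = "user-token", "user-token-secret"
BASE_URL = "http://twitter.example/1/statuses/update.json"  # placeholder host
REQUIRED = ("oauth_consumer_key", "oauth_nonce", "oauth_signature_method",
            "oauth_timestamp", "oauth_token", "oauth_signature")

def pct_encode(s):
    """RFC 5849 3.6: encode everything except ALPHA, DIGIT, '-', '.', '_', '~'."""
    return quote(str(s), safe="-._~")

def normalize_params(params):
    """RFC 5849 3.4.1.3.2: encode each pair, sort, join as k=v&k=v."""
    pairs = sorted((pct_encode(k), pct_encode(v)) for k, v in params)
    return "&".join(f"{k}={v}" for k, v in pairs)

def signature_base_string(method, base_url, params):
    """RFC 5849 3.4.1.1: METHOD & encoded(url) & encoded(normalized params)."""
    return "&".join([method.upper(), pct_encode(base_url),
                     pct_encode(normalize_params(params))])

def hmac_sha1(base_string, consumer_secret, token_secret):
    """RFC 5849 3.4.2: HMAC key is encoded consumer secret '&' encoded token secret."""
    key = f"{pct_encode(consumer_secret)}&{pct_encode(token_secret)}"
    mac = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def sign_request(method, base_url, body_params, nonce, timestamp):
    """Client side: build the Authorization header for one request."""
    oauth = [("oauth_consumer_key", CONSUMER_KEY), ("oauth_nonce", nonce),
             ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", str(timestamp)),
             ("oauth_token", ACCESS_TOKEN), ("oauth_version", "1.0")]
    base = signature_base_string(method, base_url, oauth + list(body_params))
    sig = hmac_sha1(base, CONSUMER_SECRET, TOKEN_SECRET)
    fields = oauth + [("oauth_signature", sig)]
    return "OAuth " + ", ".join(f'{k}="{pct_encode(v)}"' for k, v in fields)

class ResourceServer:
    """Server side: holds the secrets, recomputes the signature, rejects replays."""
    def __init__(self):
        self.consumers = {CONSUMER_KEY: CONSUMER_SECRET}
        self.tokens = {ACCESS_TOKEN: TOKEN_SECRET}  # one grant per (user, app)
        self.seen_nonces = set()

    def revoke(self, token):
        """'Revoke access for this app': drop the token; the password is untouched."""
        self.tokens.pop(token, None)

    @staticmethod
    def parse_header(header):
        if not header.startswith("OAuth "):
            return None
        fields = {}
        for part in header[len("OAuth "):].split(", "):
            k, _, v = part.partition("=")
            fields[k] = unquote(v.strip('"'))
        return fields

    def verify(self, method, base_url, body_params, header, now):
        p = self.parse_header(header)
        if p is None or any(k not in p for k in REQUIRED):
            return False
        consumer_secret = self.consumers.get(p["oauth_consumer_key"])
        token_secret = self.tokens.get(p["oauth_token"])
        if consumer_secret is None or token_secret is None:
            return False  # unknown app, or a token the user has revoked
        if p["oauth_signature_method"] != "HMAC-SHA1" or not p["oauth_timestamp"].isdigit():
            return False
        if abs(now - int(p["oauth_timestamp"])) > 300 or p["oauth_nonce"] in self.seen_nonces:
            return False  # stale request, or replay of one already accepted
        signed = [(k, v) for k, v in p.items() if k != "oauth_signature"]
        base = signature_base_string(method, base_url, signed + list(body_params))
        expected = hmac_sha1(base, consumer_secret, token_secret)
        if not hmac.compare_digest(expected, p["oauth_signature"]):
            return False  # URL, body or any oauth_* field was altered in transit
        self.seen_nonces.add(p["oauth_nonce"])
        return True

def demo():
    """Sign one request, then show what the server accepts and rejects."""
    body = [("status", "hello world")]
    ts = 1232956800  # constructed timestamp
    header = sign_request("POST", BASE_URL, body, "nonce1", ts)
    server = ResourceServer()
    results = {
        "valid": server.verify("POST", BASE_URL, body, header, ts),
        "replay": server.verify("POST", BASE_URL, body, header, ts),
        "tampered": ResourceServer().verify("POST", BASE_URL, [("status", "pwned")], header, ts),
        "stale": ResourceServer().verify("POST", BASE_URL, body, header, ts + 3600),
    }
    revoked = ResourceServer()
    revoked.revoke(ACCESS_TOKEN)
    results["revoked"] = revoked.verify("POST", BASE_URL, body, header, ts)
    return results
```

The point to take from `demo()`: the third-party app holds a consumer secret and a per-user token secret, so it can post as the user, but it never sees the password, cannot change it, and loses access the moment the token is dropped from the server's table. That is exactly the scam-site case above. It does nothing for a cloned login page (the user types the real password into the fake form before any API call happens) and nothing for a compromised internal support tool, which sits on a path that never goes through this signature check at all.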



2 Responses to “Would OAuth have prevented the latest attack on Twitter?”

  1. Chris Messina on January 26th, 2009

    For more on this topic, you might take a listen to the podcast that Larry Halff and I did with Alex Payne of Twitter where we reinforced this point:

    http://tr.im/cg_10


    • Snyke on January 26th, 2009

      Hi Chris,
      thanks for dropping by. I wanted to move the whole OAuth talk into perspective, just as you did in your podcast. Really interesting chat you got there ^^


