Last week Google announced something called the Contacts Data API. This makes me a very happy camper indeed.
I’ve made no secret of my loathing for the password anti-pattern. Asking for a GMail username and password on a third-party website is just plain wrong. I’ve said it before and I’ll say it again: it teaches users how to be phished. I spoke about this at the Social Graph Foo Camp, naming and shaming implementors of the anti-pattern:
Brave representatives from Facebook, Plaxo, Twitter, LinkedIn, Dopplr and Pownce showed up to be named and shamed (though most of the shame was reserved for Google in not providing an API for contacts).
To be honest, the impression I got from Google was that I shouldn’t hold my breath but now that they’ve stepped up to the plate and provided an API, there’s really no excuse for websites to ask users to enter their GMail username and password. The API uses AuthSub now but Kevin announced at SXSW that it will support OAuth at some unspecified future date.
Within 24 hours of the Contact Data API’s release, Dopplr had already removed the username/password form and implemented the handshake authentication instead. Bravo, Matt!
So who’s going to be next? Place your bets now. Here are my nominations for the next contenders:
C’mon Leah, don’t let me down.
I’m starting to see a pattern. Whenever I bitch and moan about something, it seems to get fixed:
- the search functionality on Upcoming,
- the default behaviour of IE8
- and now this.
I think I might be suffering from some sort of reverse paranoia. The whole world seems to be out to help me.
Update: Well, shame on me for not including Flickr in the list of contestants. They’ve implemented a superb import feature that never once asks for a third-party password. Bravo, Flickrites!