An Experiment: Authenticate with a Tweet

This is the second part to my original post, An Effort to Ditch the Password

So what is this? It’s passwordless login, where you authenticate by composing a tweet. It is the simplicity of OAuth from all perspectives, but without the privacy concerns, agreements, and questions.

I built this using Flask and deployed it using Heroku (their Python instructions were fantastic), and it’s actually very simple on the backend. All of the code is available on GitHub. I have a script that is constantly checking a public stream for tweets that contain #post – this is why all tweets contain this hashtag; all of the tweets need to have one consistent value so they end up in the same stream that I can index. Then, when a user clicks “sign in” on the website, they are assigned a random, unique identifier – the second hashtag – which is saved in their browser session along with their supplied Twitter handle. For 20 seconds, the script checks the ‘#post’ stream for a tweet that 1. came from the Twitter handle specified and 2. contains their unique identifier hashtag. If a tweet is found, the logged-in status in their session is updated to “true”, and if not, they are redirected to an error page.
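The check described above, as an added sketch that is not the code from the GitHub repository: it adds the details a verifier of this kind needs (whole-hashtag matching, rejecting tweets older than the challenge, the 20-second expiry, and single use). The function names, the tweet dictionary shape and the 64-bit identifier length are assumptions, and the stream client is replaced by a constructed list.

```python
import re
import secrets
import time

BASE_TAG = "#post"   # shared hashtag that puts every login tweet in one stream
WINDOW_SECONDS = 20  # polling window from the post


def new_challenge(handle, now=None):
    """Build the per-login state that would live in the browser session."""
    return {
        "handle": handle.lstrip("@").lower(),
        "nonce": secrets.token_hex(8),  # assumed length: 64 random bits
        "issued": time.time() if now is None else now,
        "used": False,
    }


def hashtags(text):
    """Whole hashtags, lower-cased, so '#abc' never matches inside '#abcdef'."""
    return {tag.lower() for tag in re.findall(r"#\w+", text)}


def verify(challenge, tweets, now=None):
    """True if a tweet proves control of the handle within the window."""
    now = time.time() if now is None else now
    if challenge["used"] or now - challenge["issued"] > WINDOW_SECONDS:
        return False
    wanted = "#" + challenge["nonce"]
    for tweet in tweets:
        tags = hashtags(tweet["text"])
        if (tweet["user"].lower() == challenge["handle"]
                and tweet["created"] >= challenge["issued"]  # no older tweets
                and BASE_TAG in tags and wanted in tags):
            challenge["used"] = True  # a replayed tweet cannot log in twice
            return True
    return False


if __name__ == "__main__":
    c = new_challenge("@alice")
    # Constructed sample stream entry, standing in for the real #post stream.
    stream = [{"user": "alice", "text": f"#post #{c['nonce']}", "created": c["issued"]}]
    print(verify(c, stream))
```
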

Signing in this way is designed to be safe, quick, and secure. In effect, it should not take the user more than two clicks (‘sign in’ and ‘tweet’) and a dozen characters (their Twitter handle). This method therefore eliminates the need to memorize a hard password, rely on a weak password, and/or monitor your phone or email for some verification.

All of that being said, I do not anticipate websites will implement this, and that is a good thing. Why? Namely, from a user perspective, I would not want to tweet every time I signed into a website. As quick and safe as it feels and as easy as it is to code, I would never ask users to tweet their way into my website, so to speak. A quick solution to this issue would be using a platform where streams could be private, a feature that sounds like something to be added to But I digress.

No, logging in with a tweet is not a replacement, and no, it is not a new standard. And again this is okay. At its best, this experiment will support my belief that there is demand – and a place, now, – for a modern authentication system. One that is not necessarily based around the password in its current form. And one that does not sacrifice security for simplicity.

Follow the discussion on Hacker News.

1 year ago 

How I Use Checkins to Beat the Crowd


My idea was based around a simple concept: I always get caught in traffic, going places at their most crowded times and suffering the consequences by having to wait in line. More specifically, my favorite breakfast place felt like it was constantly packed. Or rather, every time I would go, I would end up on line for, on average, 40 minutes. So I wrote a simple script that used Foursquare venue’s hereNow feature in the hopes of predicting when the crowds come and go.

After a little bit of D3, I got the above graph that, despite looking like a bad pulse, was a pleasant surprise. First of all, let’s give the graph some context.

Starting at 0:30 (12:30 a.m. e.s.t.), my script recorded the number of checkins at this restaurant every half an hour. The restaurant opened at 8:00, and I could see the first checkins starting at 9:30, which makes sense for a Saturday. The peak, 10 checkins, lasted from 12:30 to 13:30 before slowly declining back to 0 checkins around 15:30 when they closed.

So where’s the pleasant surprise? Foursquare helped me predict the crowdedness of this restaurant with just a couple of lines of Python, and it seemed to do so with accuracy. I quickly got a sense of when their weekend traffic comes and goes, and as a result I now know that it’s worth biting the bullet and going early.

I could only hope that Foursquare’s data would continue to show a realistic trend (and even be more accurate) when tried on a larger scale with higher numbers. To test this, I collected the same data for Hartsfield–Jackson, Atlanta International Airport.


This graph is on the same scale as the first, so it is easy to see the far greater number of checkins. But here is the real overview:

When I started, just after midnight, there were a modest 37 checkins. This bottomed at 0 at 3:30, then rose to the high of 164 concurrent checkins at 10:30. It went back down to 98 at 13:00 (not sure what caused the dip), but then rose to 150 checkins at 17:30, which lines up with the large number of late afternoon flights. And from there it slowly fell as the number of flights too decreased.

While this does not make me want to take all flights at 3:00, it is eye opening to see the movement of the population illustrated so smoothly. The number of Foursquare checkins may have reached a standstill, but their extensive and current database remains plentiful and telling. Sure, I cannot directly convert Foursquare checkins to number of all people present. But it offers me a great look into how people come and go, how crowds fluctuate over time.

So I am with Dennis Crowley; I can see the direct value in this data, and I too look forward to seeing where they keep going.

1 year ago