I must admit I didn't sign up yet - just read the homepage - but something that would be super useful on such a system is throttling tweets.
I've seen more than a few instances where an employee screws up or goes 'rogue' and either goes off on a rant or posts the same thing over and over. It'd be great to only allow employees to post, say, once per hour or whatever, so any problems could be contained.
The invitation flow is very roundabout (even if you sheepishly admit it :-)), and the group account invitation doesn't seem to work at first. I tried to authorize a third-party account (inside of an anonymous tab) three times and the invitation didn't seem to be redeemed when I was redirected from Twitter to Echelon.
At first I thought something was wrong because, perhaps, you didn't set a "return to" URL to complete the invitation acceptance (which you should do if it's at all possible, to prevent your users from having to repeat an action). That was the behavior I expected since the invitation URL's log in prompt said "Sign in to accept".
What really happened is that the Twitter authorize call doesn't — in fact — trigger the acceptance of the invitation, it simply creates an Echelon account. I had to hunt down the "Notifications" section through the Menu while there was no sign where I had landed after the OAuth trip that there were any notifications waiting for me.
You should find a way to surface these notifications where you users are going to land after the Twitter authorize call, otherwise the experience is going to be as frustrating for them as it was for me — that is until they do the work your application should be doing for them: letting them know what actions they need to proceed with next in order to have a fully functioning account.
Now I have to say this is a cool app, I especially like the fact that individual user accounts are used and therefore everything can be logged so the whole team can be aware of the outgoing Twitter activity for each "group account".
This feedback is really useful; we've struggled to nail the process as it is generally very cumbersome having to sign in & out of Twitter accounts (but it's the most secure way, as opposed to XAuth, which would be a possible alternative).
The key thing here is showing the user they have a new invite/notification, which we will add ASAP.
Hi there, you're absolutely right, the invitation workflow isn't perfect yet. There's actually quite a lot of complex mechanics at play, given that a user can own a group, be an account IN a group and also a member OF a group.
We're working on some improved user journeys and they'll be rolled out soon. MVP, and all that ;)
Working on something similar. A free Twitter manager for individuals/teams that includes analytics and scheduling. A couple of screens http://i.imgur.com/0bCOizS.pnghttp://i.imgur.com/rYfCKdN.png Interesting to see how you've done things, good luck! :)
Most of our Tweets come from events where users are on iPhone or Android, so access to Echelon through a mobile app is essential.
HootSuite offers this already, and it's only a little bit more expensive than Echelon, so why should we switch? Genuine question as HootSuite has its own problems so I'm always looking for alternatives.
HootSuite is great, but it's also quite a hefty tool if all you need to do is let people tweet on behalf of n accounts. Also HootSuite works really well if you have a small team of people managing your social media but breaks down (or becomes expensive) if you need to give access to lots of people (this is where you end up with systems involving sharing lists of passwords!).
The idea behind Echelon (and its pricing model) is to promote sensible account security around the simplest of actions - tweeting. The bigger your team the more you pay but otherwise you can divide up your accounts however you want (different amounts of access for different people, etc).
The service seems counter intuitive. You advertise "The safe way to manage your company’s Twitter accounts." yet using the service would mean giving access to a third party. We all know that security is hard and you're creating online password manager - if it will be popular, it will gain unwanted attention.
Sure, you are using an access token and not a password for the accounts, but that's not explicitly said anywhere. I suggest you improve the trustworthiness of Echelon on the landing page.
The landing page mentions that you don't have to share passwords, which is what makes it inherently securer than...well...sharing passwords. Agreed that perhaps it could be clearer that by using access tokens, access can be revoked at any time via Twitter directly which removes the risk (compared to people stealing passwords).
See, I'm bit confused here. I understood it so, that as a user of Echelon, as I wouldn't have to give the Twitter account password to colleagues. But what about to Echelon itself? How can I be sure that the Echelon won't be compromised and all hell wouldn't break loose? Does the account have one Echelon app authorized which then works as a middleman to the users?
Since only the tokens are stored on Echelon's server, any compromise might do some damage (tweets, bio change, etc), but you will not lose the account's password.
I've long thought there was a market for a product like this, but I figured it would be hard to get people to use it if they have to ditch their preferred twitter clients to post (if that assumption is correct).