
Twitter clients stay signed in with pre-breach passwords - iProject
http://www.theregister.co.uk/2013/02/04/twitter_oauth_apps_logged_in_with_old_passwords/
======
tommorris
They aren't signed in with "pre-breach passwords". They are signed in with
OAuth tokens.

Not tying the authentication of third-party apps to passwords but instead to
OAuth tokens is sensible precisely because of security failures like this.

