Jeff Atwood over at Coding Horror had an interesting post about sites that ask for your email password to look up contacts in their system. He suggests that they stop doing that immediately and, in the long term, find a more secure solution.


I can understand where he's coming from. He doesn't want to hand over the keys to all of his information.

I see things a little differently, because I've been on the other side of the fence. Imagine that you're writing a site and your #1 goal is to make it easy to use. Jeff himself is a huge advocate of usability. The problem is that developers don't have an unlimited amount of time. The quickest way to make something easy to use at this point is to simply ask for the information, grab the addresses, and be done with it.

I agree that if the major email providers provide a more secure way to access the data, it's certainly worth investigating.

The second point I'd like to make is that Yelp probably doesn't care that Jeff won't give his personal information. It's an optional step to save him time, and even if he doesn't use the service, he probably represents only 1% of the users that use the service.

I'm very paranoid when it comes to passwords. I have automatically generated random passwords for every site that I use. I have still been trusting enough to give sites like Facebook my Gmail credentials to go check my address book. I should be changing my email password on a regular basis anyway.

The fact is that 99% of users will happily give over any information **that you ask for.**

When I do computer work on the side (which I'm trying to avoid these days), I'll ask for a certain password and strangers will happily give me all of their personal information. Bank account passwords, email passwords, work passwords, etc. I try to tell them they shouldn't do that, but you're not going to change everyone's attitude overnight.

Remember, more than 70% of people would reveal their password in exchange for a bar of chocolate!

I'm sure those services in question would like to have a better solution for accessing the data, but it's probably at the end of a long list of potential features. The only way that's going to change is if they start losing a significant number of customers over it.