Sunday, April 12, 2009

Good security pattern: Remote key

With Web 2.0, it is very likely that your browser UI functionality will also need to be exposed programmatically via an API to 3rd-party software, just as Twitter can be used via TweetDeck, Twhirl, etc.

The user will still need to log in to your site for the API call. In such cases, it is a good idea to have a separate password (a "remote key") for 3rd-party tools, and a main password for the online login. You should also restrict the kind of activities that can be done after a remote-key login.

While you may be fully able to control the security of your site and your users' passwords, you cannot guarantee the behavior and security of 3rd-party apps. With a separate remote key, the key can easily be changed if it has been compromised, and in the interim a compromised key only gives the attacker the restricted set of activities, not full control of the account.
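As an added illustration of the pattern (example code, not from the original post or any particular site), the sketch below keeps two credentials per account: the main password, which grants the full set of activities, and a separately generated remote key, which grants only a restricted scope and can be revoked or rotated without touching the main password. The activity names, the `Site` class and its methods are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Activities a remote-key login may perform (hypothetical names for the example).
# Anything outside this set, such as changing the password, needs the main login.
REMOTE_KEY_SCOPE: FrozenSet[str] = frozenset({"read_timeline", "post_status"})
FULL_SCOPE: FrozenSet[str] = REMOTE_KEY_SCOPE | {
    "change_password", "change_email", "rotate_remote_key"
}


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Store only a salted PBKDF2 digest, never the secret itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Credential:
    salt: bytes
    digest: bytes
    scope: FrozenSet[str]  # activities this credential is allowed to perform

    @classmethod
    def create(cls, secret: str, scope: FrozenSet[str]) -> "Credential":
        salt = os.urandom(16)
        return cls(salt, _hash_secret(secret, salt), scope)

    def verify(self, secret: str) -> bool:
        # Constant-time comparison of the stored and recomputed digests.
        return hmac.compare_digest(self.digest, _hash_secret(secret, self.salt))


@dataclass
class Account:
    username: str
    main: Credential                      # the site login password
    remote: Optional[Credential] = None   # the key handed to 3rd-party tools


class Site:
    """Minimal account store demonstrating the remote-key pattern."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str) -> Account:
        acct = Account(username, Credential.create(password, FULL_SCOPE))
        self.accounts[username] = acct
        return acct

    def issue_remote_key(self, username: str) -> str:
        # Generate the key server-side so it is never a user-chosen password
        # reused elsewhere; the user pastes it into the 3rd-party tool.
        key = secrets.token_urlsafe(24)
        self.accounts[username].remote = Credential.create(key, REMOTE_KEY_SCOPE)
        return key

    def revoke_remote_key(self, username: str) -> None:
        # Invalidates every 3rd-party tool at once; the main login is untouched.
        self.accounts[username].remote = None

    def login(self, username: str, secret: str) -> Optional[FrozenSet[str]]:
        """Return the scope granted by the secret, or None if it matches nothing."""
        acct = self.accounts.get(username)
        if acct is None:
            return None
        if acct.main.verify(secret):
            return acct.main.scope
        if acct.remote is not None and acct.remote.verify(secret):
            return acct.remote.scope
        return None

    @staticmethod
    def perform(scope: Optional[FrozenSet[str]], activity: str) -> bool:
        # Authorization check every API handler would run before acting.
        return scope is not None and activity in scope


if __name__ == "__main__":
    site = Site()
    site.register("alice", "correct horse battery staple")  # constructed sample
    key = site.issue_remote_key("alice")
    api_scope = site.login("alice", key)
    print("post via remote key:", site.perform(api_scope, "post_status"))
    print("change password via remote key:", site.perform(api_scope, "change_password"))
    site.revoke_remote_key("alice")
    print("remote key after revocation:", site.login("alice", key))
```

The point to notice is that a leaked remote key never yields the `change_password` or `change_email` activities, so the attacker cannot lock the legitimate user out, and revoking the key is a single server-side operation that leaves the main password valid.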

We used this pattern in an Adobe AIR app we developed internally at work. Just noticed the same concept when I signed up for Friendfeed.