Use IFTTT more securely with proxy accounts

IFTTT automates many aspects of your online life. Is it going to rain tomorrow? Hey look I just got an email forecasting rain in my area. Golly thanks T-Guys! :) Or what about receiving an email or finding a new article in Pocket whenever there’s a new xkcd or CommitStrip . Or what if you want to automatically archive your tweets or internet favorites to Evernote or OneNote? Your online alliterative conditional buddy can do all that, and more.

IFTTT is web-service that helps automate your life, but how securely?

The trouble with IF-T-T-Tribbles

But there’s at least one problem with this goodness. Many of IFTTT’s “channels” require full read/write access to your accounts in order to function. For instance, if you want to automatically archive certain things to Evernote, IFTTT requires full access to your Evernote account. That’s scary because an Evernote account is a goldmine for hackers. Even though I’m sure you don’t store sensitive account information in Evernote, think of how the information could be twisted and used by character assailants, would-be blackmailers, or channeled into a social engineering attack on you or your friends and colleagues. So giving the keys to the kingdom to the law offices of I-F-T-T-and-T is enough to make you sweat “T"s. If you were a pirate, you’d probably say, “Shiver me toasted tarred timbers, yo toe toe”.

Use IFTTT a little more securely

First of all, at least use the maximum amount of security that IFTTT provides. Use an insane password and enable two-factor authentication. That should keep an attacker from breaking down the front door. But how securely does IFTTT store your credentials? We don’t really know. If an attacker sneaks in through a backdoor or some zero-day crack in the wall and gets your authentication tokens, you’re still done, even with a crazy password and two-factor authentication.

Another solution is to use a secondary proxy account. Rather than linking your primary Evernote account to IFTTT, create a secondary account and link IFTTT to that. Voila! Much more secure. But what if you want to see the information in your “primary” Evernote account? Just share the Notebook with yourself. Easy as pie; Triple Tart Tangerine pie.

Now, we wouldn’t have to worry about jumping through hoops like this if the APIs of Evernote and company provided more granular control over permissions, or if the IFTTT recipes requested less sweeping permissions. Then, rather than sharing everything, you could allow IFTTT access to specific notebooks or notes in your account and be done with it. Also, if people were cool and kind to each other, we wouldn’t have to worry about these kind of shenanigans in the first place. I think there’s a recipe for that: IF dealing with fellow human being THEN treat with kindness and respect. «Publish»

Ty Walls
Digital Construction Worker

Ty Walls is a software engineer in love with creating, learning, and teaching.