A limit on Twitter authentication calls has broken some applications, confusing users and frustrating developers. The microblogging platform now allows only 15 requests per hour to confirm a user’s credentials. Previously there was no published limit, and some applications were making well over 15.
The reason for the change is well-intentioned on Twitter’s part. Given unlimited attempts, a hacker can guess many passwords using a dictionary attack. Access to some high-profile accounts could put an attacker in front of thousands or millions of followers.
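To make the trade-off concrete, here is an added sketch (not Twitter's code) of a sliding-window limiter enforcing the 15-per-hour figure, showing both the cap on guesses and why a client that re-verifies credentials every minute starts failing. Keying the count on the account name, and the names `CredentialCheckLimiter` and `count_allowed`, are assumptions; the article does not say what the limit is keyed on.

```python
from collections import defaultdict, deque

LIMIT = 15             # requests allowed per window (figure from the article)
WINDOW_SECONDS = 3600  # one hour


class CredentialCheckLimiter:
    """Sliding-window limiter for credential-verification requests.

    Assumption: requests are counted per account name.
    """

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # key -> timestamps of counted requests

    def _prune(self, key, now):
        """Drop timestamps that have aged out of the window."""
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        return hits

    def allow(self, key, now):
        """Return True and record the request if `key` is under the limit."""
        hits = self._prune(key, now)
        if len(hits) >= self.limit:
            return False  # rejected requests are not recorded
        hits.append(now)
        return True

    def retry_after(self, key, now):
        """Seconds until the next request for `key` would be accepted."""
        hits = self._prune(key, now)
        if len(hits) < self.limit:
            return 0
        return hits[0] + self.window - now


def count_allowed(limiter, key, interval, duration):
    """Send one request every `interval` seconds for `duration` seconds
    (constructed traffic) and return how many the limiter accepted."""
    return sum(limiter.allow(key, t) for t in range(0, duration, interval))
```

Whatever sends the requests, a password guesser or a well-meaning client polling once a minute, at most 15 get through in any one-hour window; `retry_after` is the value a server could return so that legitimate clients back off instead of retrying blindly.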
Applications that authenticate users with OAuth, the generally safer method, are not affected. OAuth sends users to Twitter to authorize an application to access their account, rather than having the application send a password for verification (Basic Auth).
It’s reasonable to expect that most users would prefer Twitter staff focus on security over communication. To remain a popular platform, the company will have to do both, because so many users interact with Twitter through third-party applications.