There's no way that identifying it as an "anti pattern" is going to kill the practice of requesting credentials for other sites. For one thing, it's being done on the majority of social networking sites out there, including all of the most reputable ones, and for another thing it's something that a lot of people find very convenient.
At best, it'll become like opening zips and exe files. Users will have to become aware of the potential dangers, but the practice of providing the files will remain.
It's a good anti-pattern, just applied at the wrong end. Sites like Twitter and LinkedIn could kill this anti-pattern by offering a proper OAuth (or equivalent) API.
Yes but surely there are some legal issues abound here? these social networking sites are facilitating the data trawling applied by phishers and identity fraudsters.
I'm currently researching the PCI DSS for my employer, and I'm seeing this as the next potential milestone in security compliance. It's not just a matter of the general public becoming aware of the risks, like they have with credit card info, the users of the data must set in place secure standards to deal with identity data.
Interesting note about placement of email address field adjacent to password field in light of contact importing becoming a defacto step in signup processes.
At best, it'll become like opening zips and exe files. Users will have to become aware of the potential dangers, but the practice of providing the files will remain.