Author Topic: Feeling queasy about opening mint.com account  (Read 78277 times)

daizy744

  • 5 O'Clock Shadow
  • *
  • Posts: 41
Feeling queasy about opening mint.com account
« on: September 03, 2012, 06:06:27 AM »
Mustachians rave about Mint to track expenses/net worth. I took a tour, and it does look like it'd be pretty awesome at the job.

However, I can't help but feel queasy about giving this company/web site all my account numbers and passwords. Somehow, I could see hackers getting to this info, and very bad things happening. It's like trusting a stranger with my bank card and PIN, or with a suitcase full of cash, and asking them to watch it for me, while I pop into the washroom at the mall. I can't help but feel like that stranger will vanish once I get back out...

Since you are all intelligent people, how do you sleep at night with all your account info in there? I read their privacy policy, but I still don't fully trust them...

mike@livetheneweconomy

  • 5 O'Clock Shadow
  • *
  • Posts: 25
    • Live the New Economy
Re: Feeling queasy about opening mint.com account
« Reply #1 on: September 03, 2012, 08:01:45 AM »
My thought on this is that your existing bank already has that information, as well as every financial institution that you have an online account with.  The only difference is that Mint has them all, but Mint's very existence is predicated on their ability to keep your data safe-- one data breach and that confidence would be lost and their business model would be in jeopardy.  I use strong passwords and keep a close eye on my accounts. 

In fact, Mint was the first place that alerted me to the fact that someone had stolen my wife's debit card number and were on a spending spree. 

I've posted a few things about my experience with Mint if you'd like to go check them out.  Between the web site, the iOS apps, and the Mint Quick View program on my Mac, I'm constantly able to access all of my financial data in one place.  That is valuable to me.

http://livetheneweconomy.com/blog/2012/7/16/how-i-use-mintcom-to-manage-our-finances.html

MacGyverIt

  • Bristles
  • ***
  • Posts: 250
  • Location: Not in a tropical, underpopulated location. And that's just wrong.
  • What Would MacGyver Do?
Re: Feeling queasy about opening mint.com account
« Reply #2 on: September 03, 2012, 08:04:22 AM »
I second Mike's remarks.

 I did my homework about how their website's architecture is supported and feel just as safe using mint.com as I do logging in to any account individually (b/c that's a lot how mint handles it). Here's a good article to explain just how careful they are:

http://bucks.blogs.nytimes.com/2010/07/06/should-you-trust-mint-com/

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #3 on: September 03, 2012, 08:07:00 AM »
Because I know they focus on security, it obviously is one of their primary functions.
Because I know they would alert everyone right away if there was a security breach to give time to change passwords.
Because I know there are fraud banking protections in place.
Because I know they've been going successfully for years and if there were issues we'd have heard about it.
Because I know that even if someone "hacked" my Mint account (much more likely they got the info from some sort of spyware/keylogger on your computer than actually hacking Mint), they couldn't do anything with it.

Mint is read only.  It can see your accounts, it can't do anything to them.  No way to transfer money or anything. No way to see any passwords you've shared with them.

If you want, I'll share my Mint password with you for five or ten minutes (then I'll change it).  Any money you get out is yours to keep.

This may help you as well: lifehacker.com/5332714/why-i-stopped-being-paranoid-and-started-using-mint

In a nutshell it argues the convenience is worth the small risk trade off.

I also don't worry about terrorism or shark attacks.  And while also unlikely like those, Mint getting hacked has much less consequences (someone can see your accounts.. meh?)

If you aren't comfortable, absolutely don't use it.  There are offline ways to do the same thing.  Maybe a little more hassle, a little more work.  Mint is convenience, but peace of mind is important.  You have to weigh and decide for yourself.  Those are just some of the reasons I don't worry.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

MacGyverIt

  • Bristles
  • ***
  • Posts: 250
  • Location: Not in a tropical, underpopulated location. And that's just wrong.
  • What Would MacGyver Do?
Re: Feeling queasy about opening mint.com account
« Reply #4 on: September 03, 2012, 08:11:27 AM »
Mint is read only.  It can see your accounts, it can't do anything to them.  No way to transfer money or anything. No way to see any passwords you've shared with them.

Read only -- good point, also -- your account numbers are each account are NOT displayed ANYWHERE and you cannot transfer money to/from your accounts within mint.com.

daizy744

  • 5 O'Clock Shadow
  • *
  • Posts: 41
Re: Feeling queasy about opening mint.com account
« Reply #5 on: September 03, 2012, 09:02:43 AM »
Thanks for the quick and honest replies. Somehow, getting opinions from someone who already uses the service helps me.

LOL @ arebelspy for your offer. That, out of everything, makes me feel confident about the security.

I'll go ahead and sign up.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #6 on: September 03, 2012, 09:25:53 AM »
:)

Try it out with something small - say a credit card.  It'll have fraud protections so you don't have to pay for anything you didn't purchase.

Get used to and comfortable with it, then you can decide to add more things like bank accounts.

Good luck!
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1799
  • Age: 44
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #7 on: September 03, 2012, 10:56:51 AM »
The times my credit cards have been hacked (2 or 3 times in the past 15 years) , it was always be someone overseas, all before Mint was invented, and always obviously fraudulent (which meant it was no big deal to call and have the charges reversed)

I don't know how they did it, but clearly it can be done somehow, whether you are using Mint, whether you are using internet banking at all.  There are even those (extremely rare) cases where a scam artist ruins a kid's credit who isn't even 18 yet.  I know someone who won't even pay bills online.  I figure its safer to be able to check your accounts frequently (rather than waiting for statements to come out) so you can notice anything amiss right away.  Avoiding the internet won't protect you anyway, so why worry about something that you have no possible way to prevent? 

Incidentally, you trust strangers with your credit card information (assuming you have one) all the time.  Any cashier worth their weight in paper bags can go into the computer after a transaction and extract your credit card number.  99.99% of the time they don't though.

If anyone is clever enough to hack my accounts where it isn't glaringly obviously fraud (because when it is obvious, it has no affect on my life other than me having to make a pone call) then they should be smart enough to pick a victim with more assets to steal!

James

  • Handlebar Stache
  • *****
  • Posts: 1678
  • Age: 51
  • Location: Rice Lake, WI
Re: Feeling queasy about opening mint.com account
« Reply #8 on: September 03, 2012, 01:03:11 PM »
Incidentally, you trust strangers with your credit card information (assuming you have one) all the time.  Any cashier worth their weight in paper bags can go into the computer after a transaction and extract your credit card number.  99.99% of the time they don't though.


That used to give me a big kick back in the day when people were worried about using their credit card online.  They would have no problem reading off their cc info over the phone to some store clerk across the country, but heaven forbid they let it be sent encrypted across the internet.  I understand the concern about new technology and it's good to be nervous and ask questions.  Just don't let rumors or speculation control your decisions, find the facts and smart people to base your decisions on.


One suggestion I'll add is to start using something like 1Password to keep track of your passwords and account info.  I'd like to find something better than 1Password, but it works fine for now.  But the key is to be able to quickly change your passwords on all of your accounts whenever needed, and keep track of your new passwords as you add online accounts.  You don't want to use the same password everywhere online, so that means keeping track of all the different ones.  Back when I started Mint I stopped going to all the individual sites to get my banking and cc info, and so I started forgetting some passwords.  Now I just keep track of them in one application that I can reach on different devices I own, and just need one good password for that program.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #9 on: September 03, 2012, 01:41:56 PM »
I use LastPass James, but that's not for one who doesn't like keeping stuff online or is scared of online security.

In that case, I'd recommend KeePass, with the database stored, encrypted, in a Dropbox folder.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

Petruchio

  • 5 O'Clock Shadow
  • *
  • Posts: 41
Re: Feeling queasy about opening mint.com account
« Reply #10 on: September 03, 2012, 01:53:52 PM »
I just opened my mint account and felt that these same reservations. By and large, everyone is very supportive here of the company. I'm feeling much better about it. Thanks y'all.

Nudelkopf

  • Pencil Stache
  • ****
  • Posts: 897
  • Age: 32
  • Location: Australia
Re: Feeling queasy about opening mint.com account
« Reply #11 on: September 03, 2012, 09:15:34 PM »
I studied cryptography at uni, and it's often said that humans are worse at keeping secrets than computers.
(i.e. don't ever write your passwords down & keep different passwords for each account & make them long/complicated enough that someone can't guess them)(and don't ever tell anyone.)

keith

  • Bristles
  • ***
  • Posts: 311
  • Age: 39
  • Location: Seattle/eastside
Re: Feeling queasy about opening mint.com account
« Reply #12 on: September 03, 2012, 10:43:34 PM »
Relevant XKCD comic :)


jpo

  • Pencil Stache
  • ****
  • Posts: 518
  • Age: 37
  • Location: North Carolina
Re: Feeling queasy about opening mint.com account
« Reply #13 on: September 04, 2012, 03:00:31 PM »
This thread has also inspired me to open an account, mostly for the alerts on budgeting (I have a budget but never reconcile it, oops). Had thought about it a few years ago but had the same wariness about sharing account login information.

daizy744

  • 5 O'Clock Shadow
  • *
  • Posts: 41
Re: Feeling queasy about opening mint.com account
« Reply #14 on: September 04, 2012, 05:20:13 PM »
I took the plunge and opened an account. In fact, I ended up hooking up all my accounts/cards. It was super easy, and I'm really impressed at how organized everything is. I like how they remind me when my credit card payment is due, as I always wait until a couple days before the due date. And it categorized all my expenses from my cc statement and checking account.

Really liking it so far!

Uncephalized

  • Stubble
  • **
  • Posts: 136
  • Age: 36
  • Location: Phoenix, AZ
Re: Feeling queasy about opening mint.com account
« Reply #15 on: September 05, 2012, 02:39:49 PM »
I use LastPass James, but that's not for one who doesn't like keeping stuff online or is scared of online security.

In that case, I'd recommend KeePass, with the database stored, encrypted, in a Dropbox folder.
This is exactly what I do and I've been very happy with it. Just make sure you know your Dropbox password in case you need to get a password through Dropbox's web portal when you're not on your own computer.

AmbystomaOpacum

  • 5 O'Clock Shadow
  • *
  • Posts: 65
  • Age: 11
  • Location: Somewhere in the southeast U.S.
Re: Feeling queasy about opening mint.com account
« Reply #16 on: September 06, 2012, 09:39:27 AM »
I fall on the won't-use side.

I follow tech news pretty closely. *Everyone* gets hacked eventually. Apple has been hacked. Sony has been hacked. WordPress has been hacked. Steam has been hacked. These are not dumb companies. The internet is simply not inherently secure. It takes tremendous effort to prevent hacks, and there will always be unforeseen exploits.

tooqk4u22

  • Magnum Stache
  • ******
  • Posts: 2832
Re: Feeling queasy about opening mint.com account
« Reply #17 on: September 06, 2012, 02:15:06 PM »
I fall on the won't-use side.

I follow tech news pretty closely. *Everyone* gets hacked eventually. Apple has been hacked. Sony has been hacked. WordPress has been hacked. Steam has been hacked. These are not dumb companies. The internet is simply not inherently secure. It takes tremendous effort to prevent hacks, and there will always be unforeseen exploits.

The counter argument here will be that people still access their account online through their various institutions, which someone mentioned above, but if one of my accounts is hacked so be it but sites like mint would have all of the accounts at one place to be hacked.  It comes down to the backing of the company...if Wells Fargo gets hacked and something happens to my account I am pretty comfortable that it will work out fine.....if however Mint gets hacked and the id/passwords/personal information is used I do not have the same confidence.

Mints security seems good but that is a lot of good information in a single place, I would think it would be a hackers dream.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #18 on: September 06, 2012, 02:49:41 PM »
I'd rather Mint be hacked than my Bank of America login.

Because someone can't do anything with my Mint login, besides delete data (not affecting anything - it'd still exist on the appropriate bank site). 

If they have my B of A login, they could transfer money.

Besides, if Mint is hacked, I wager that it'd be the Mint username/password combo itself, not the ones for the institutions that are hooked up  to it.

And finally, I think there'd be a disclosure so fast I'd easily have time to change the half dozen passwords on accounts linked to it.  If they hack some of the account accounts (out of all of the accounts there), the odds of mine being in there is small.  Even if they hack a million of them, and mine IS in there, and was in plain text for some reason the odds that they then get access to my accounts and transfer money (while going through those million) before it's discovered and I can change passwords is small.  Further even if it DID happen, most likely the bank would recognize the fraudulent attempt and block it. And even if they didn't the odds that I'd be liable for that fraudulent activity is small.

All of those tiny, tiny probabilities put together?  I'm more worried about dying from an asteroid falling on my head than I am of losing money because I used Mint.

Here's the thing: since it's dealing with money, there are disclosure laws Mint has to follow.  AND it's something people will notice quickly. So if if they were hacked, and Mint didn't know, once people started losing money, we'd find out fast.  And at that point, you can change your passwords.  The odds of you being one of the very first to have your password cracked from Mint's database is exceedingly small.

I think if Mint is hacked, it I think the most likely look like this:
Hackers gain database with logins and passwords (to Mint itself, not banks that are hooked up to Mint).  It's encrypted/hashed/salted/etc.  Mint announces this, everyone changes passwords Mint, and to their banking institutions (just in case).  No accounts actually lose money, no reported losses.  Mint's reputation takes a hit, everyone moves on, most continue to still use it.

If you aren't comfortable with it, fine, no big deal, don't use it.

But trying to convince me it's not safe?  Heh.  Sorry, I'm not worrying.  Because even if they  are eventually hacked (which very well could happen, I'll grant you), I think the odds of losing any money are so exceedingly small it's well worth using the service.

To each his own, YMMV.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

tooqk4u22

  • Magnum Stache
  • ******
  • Posts: 2832
Re: Feeling queasy about opening mint.com account
« Reply #19 on: September 06, 2012, 03:06:35 PM »
I agree with you and I wasn't really taking a position on whether or not it is safe, but I did say that the site seemed secure.  I wouldn't be afraid to use it but I am just to lazy to go through the process.

But to a few of your comments:

I'd rather Mint be hacked than my Bank of America login.

Because someone can't do anything with my Mint login, besides delete data (not affecting anything - it'd still exist on the appropriate bank site). 

If they have my B of A login, they could transfer money.

My point was that if they hacked mint they WOULD have all your IDs and passwords because you need to provide those to mint so it can access your various financial sites and then could just log on to those sites and make the necessary transfers - that is the risk and the hacker dream scenario (hacking the mint database and not your individual ID) that I referred to even if it is a low probability event because of mints security, notification protocols, fraud measures at other institutions, but more importantly it would be a lot of work for not a big pay off for all the work (although I wonder if a hacker could write a code that accesses a single site and simultaneously all the user IDs/Passwords at same time).

Here's the thing: since it's dealing with money, there are disclosure laws Mint has to follow.  AND it's something people will notice quickly. So if if they were hacked, and Mint didn't know, once people started losing money, we'd find out fast.  And at that point, you can change your passwords.  The odds of you being one of the very first to have your password cracked from Mint's database is exceedingly small.

It is not a bank or even a financial services company so disclosure laws probably don't apply and are likely voluntary (would be stupid if they didn't do it but history has shown that company's make stupid decisions all the time about this stuff - usually to contain it or preserve revenue.  So don't take comfort in this, but do take comfort in that in the second part that it would get out quick by the users but maybe not quick enough.

I would also add that it is owned by Intuit so if any people don't trust mint then they shouldn't trust turbo tax, quicken, etc.

AmbystomaOpacum

  • 5 O'Clock Shadow
  • *
  • Posts: 65
  • Age: 11
  • Location: Somewhere in the southeast U.S.
Re: Feeling queasy about opening mint.com account
« Reply #20 on: September 06, 2012, 03:31:47 PM »
But trying to convince me it's not safe?  Heh.  Sorry, I'm not worrying.  Because even if they  are eventually hacked (which very well could happen, I'll grant you), I think the odds of losing any money are so exceedingly small it's well worth using the service.

Not trying to convince, just to provide another viewpoint.

Is it likely you will lose money due to Mint? Of course not. But somewhere, somehow, your login credentials are stored. And since a lot of what Mint does probably relies on screen-scraping, they are probably encrypted reversibly instead of being hashed/salted/bcrypted (as one would usually do with passwords). My bank on the other hand can definitely hash my credentials. Both are secure enough 99.lots of 9's percent of the time. But to me, the possibility of credentials being reversibly encrypted and the near certainty that eventually *some* part of the Mint system will be hacked is enough to keep me away.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #21 on: September 06, 2012, 04:34:42 PM »
My point was that if they hacked mint they WOULD have all your IDs and passwords

Not necessarily true.  Like I said in my post, it's most likely they would have a big encrypted database with Mint.com logins and passwords, not the logins and passwords to the linked accounts.

It is not a bank or even a financial services company so disclosure laws probably don't apply

Not true.  All PII compromises must be disclosed, not just financial.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

Sylly

  • Bristles
  • ***
  • Posts: 265
Re: Feeling queasy about opening mint.com account
« Reply #22 on: September 06, 2012, 06:14:18 PM »
My point was that if they hacked mint they WOULD have all your IDs and passwords
Not necessarily true.  Like I said in my post, it's most likely they would have a big encrypted database with Mint.com logins and passwords, not the logins and passwords to the linked accounts.
While that's technically correct, it doesn't address the other point Ambystoma raised.

But somewhere, somehow, your login credentials are stored.

If I were a hacker, the Mint.com logins won't be my primary target. It's the login info of all their users to all their other accounts I'd be after.

I'm not denying the cumulative probability of experiencing actual loss in the event such a compromise of Mint's data occurs is small. Just that the fact that Mint is read only doesn't negate the fact that info to access your finances and personal info exists at an additional place (Mint's servers) and is therefore subject to additional risks.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #23 on: September 06, 2012, 08:02:32 PM »
I'm not denying the cumulative probability of experiencing actual loss in the event such a compromise of Mint's data occurs is small.

Okay.  That's my only point.  I don't worry about things that have exceedingly small probabilities of occurring.

I agree with you that it is theoretically possible for the database of linked accounts to get compromised, then decrypted, then accessed, then money transferred, which is not caught by their fraud department, and then is not refundable to me when I catch it, all happening before it happens to others or Mint finds out and I am able to change my passwords.  That could happen.  If that worries you, by all means, don't use Mint.

I just want to be clear on how that's unlikely, to help prevent the spread of FUD.

It's one reason why I'm not a fan of TSA security theater. 
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

pedstrom

  • 5 O'Clock Shadow
  • *
  • Posts: 1
Re: Feeling queasy about opening mint.com account
« Reply #24 on: January 07, 2013, 09:54:30 AM »
Since you are all intelligent people, how do you sleep at night with all your account info in there? I read their privacy policy, but I still don't fully trust them...

I'd like to follow up on this conversation as the posts didn't entirely answer the question for me ... given that my financial institute is secure, and that mint.com is secure, and that my mint.com login would only provide read-only access to any would-be hacker that got into my mint.com account...

What incentives are in-place to prevent Mint.com employees from accessing my account? While they (presumably) can not do any harm via the their mint.com web site, there is no reason they couldn't take my financial institute login information and log into my primary account directly and transfer money or whatnot. If not their support people, surely their developers have this level of access. They would need it to fix any import problems that occasionally show up. Right?

keith

  • Bristles
  • ***
  • Posts: 311
  • Age: 39
  • Location: Seattle/eastside
Re: Feeling queasy about opening mint.com account
« Reply #25 on: January 26, 2013, 05:10:23 AM »
What incentives are in-place to prevent Mint.com employees from accessing my account? While they (presumably) can not do any harm via the their mint.com web site, there is no reason they couldn't take my financial institute login information and log into my primary account directly and transfer money or whatnot. If not their support people, surely their developers have this level of access. They would need it to fix any import problems that occasionally show up. Right?

In terms of the "who has access to what" in production/live systems, you have it sort of backwards. I don't work for Mint, but I say this as a person who is currently a developer and was an IT support engineer / systems administrator for several years before that.

In a well designed system, developers actually have little to zero access to production systems. They just aren't allowed anywhere near it for a lot of reasons. Good systems administrators are equipped to capture relevant details, logs, and crash dumps and provide this feedback to the developers in order to assist the troubleshooting process.

Also in a well designed system, people are only given access to what they absolutely need to do their jobs. So even within the systems admins teams access is strictly regulated and only a very select few (trustworthy) individuals are able to access everything. Especially with high impact data they really take this stuff seriously.

Skyn_Flynt

  • 5 O'Clock Shadow
  • *
  • Posts: 78
  • Age: 55
  • Location: North Carolina
Re: Feeling queasy about opening mint.com account
« Reply #26 on: January 26, 2013, 07:26:33 AM »
I track my net worth on a spreadsheet. It's not that hard to log into a couple of brokerage accounts, check my mortgage balances, a few times a week and update.

I have had the experience of credit cards being stolen off websites where I'd purchased things, so centralizing my information on any one website doesn't sit well with me. Even if read-only I'd be concerned about identity theft and hackers. I'm not even on FaceBook (with my real name) for that reason.

It's OK to minimize exposure and risk on the 'net, you don't have to be a "prepper". ;-)

« Last Edit: January 26, 2013, 07:54:15 AM by Skyn_Flynt »

GoStumpy

  • Stubble
  • **
  • Posts: 243
    • YNAB = The ultimate budgeting software
Re: Feeling queasy about opening mint.com account
« Reply #27 on: January 26, 2013, 08:31:35 AM »
I assume nobody cares about the thing they signed with their bank to not disclose their password to ANYONE?

That's the one that stopped me... sure I can trust the site, but if it violates my agreement with my bank of 20+ years, and if anything goes wrong I'm *screwed*, not just 'fraud victimized'....

I prefer to use software that is in no way connected to my bank :)

keith

  • Bristles
  • ***
  • Posts: 311
  • Age: 39
  • Location: Seattle/eastside
Re: Feeling queasy about opening mint.com account
« Reply #28 on: January 26, 2013, 01:50:25 PM »
I assume nobody cares about the thing they signed with their bank to not disclose their password to ANYONE?

That's the one that stopped me... sure I can trust the site, but if it violates my agreement with my bank of 20+ years, and if anything goes wrong I'm *screwed*, not just 'fraud victimized'....

I prefer to use software that is in no way connected to my bank :)

I'm with you on this point. I trust that mint is secure, but it really now comes down to the fact that if something terrible happened, would the bank back me up even if I violate TOS by handing my password to a 3rd party.

For this reason, I closed my mint account a couple months ago.

I ended up writing my own expense tracking software that has no mint-style automation. A local (to my network) database with budgets, transactions, and long-term networth tracking. Building a Windows app that is used for data entry and reporting. No personally identifiable information or bank account numbers or passwords. It's still in progress, but I have been using it so far to track my 2013 expenses.

It requires manual data entry, but I prefer it this way anyway because it helps keep me in tune with my exact financial status at all times.

dahlink

  • 5 O'Clock Shadow
  • *
  • Posts: 83
Re: Feeling queasy about opening mint.com account
« Reply #29 on: January 26, 2013, 04:12:33 PM »
A well respected tech journalist, Leo Laporte has covered mint.com a few times on his shows.  He was also very untrusting of letting mint.com have his financial credentials.  It appears that many of the banks use a backend called yodlee.com or a service like it to secure your data.  Mint uses one of these backend services just like your online bank.

Leo briefly covers it in this link at after the 3 minute mark:
http://twit.tv/show/ipad-today/119

I could not find the lifehacker article that he mentioned but it seems that mint.com is at least safer than we have feared or  at best just as safe/unsafe as using online banking since they use the same back end.  Just be sure to use a $+r0nG password with your mint account as will any account.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #30 on: January 26, 2013, 04:52:11 PM »
I could not find the lifehacker article that he mentioned

I linked to a lifehacker article in the third reply to this thread.  Haven't listened to your link, so I'm not sure if that's the one he was talking about, but it does address Mint's security.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

dahlink

  • 5 O'Clock Shadow
  • *
  • Posts: 83
Re: Feeling queasy about opening mint.com account
« Reply #31 on: January 26, 2013, 05:39:16 PM »
I found that article but Leo had mentioned one by Gina Trapani addressing this subject as well and why your credentials are safe do to the same backend (yodlee.com) being used.  I did not mean to repeat the same info, just to shed some light that if you bank online with your banks website, they like use the same backend services that mint uses.  I glazed through but did not see it mentioned.  It may have missed it though.

Another Reader

  • Walrus Stache
  • *******
  • Posts: 5327
Re: Feeling queasy about opening mint.com account
« Reply #32 on: January 26, 2013, 06:34:30 PM »
Mint used to use Yodlee, but when they were bought by Intuit, they switched to a proprietary program developed in-house.  Bof A's "My Portfolio" and Fidelity's "Full View," which are somewhat similar to Mint in function, still use Yodlee.  Lots of other banks and credit unions offer Yodlee-backed transaction tracking programs. 

Some of your data must remain in the provider's files.  How else could the program make comparisons over time and tell you when you spend above the budget in a category?  I know the "My Portfolio" version stores data, because it tells me when it last updated each account.  Often it is hours or even days before.  It also tells me how my net worth changes and compares actual to budgeted numbers. 

I still use the program, even though there appears to be a risk.  I don't use Mint because Intuit is not a regulated financial institution.  I figure I will have more leverage with Bank of America if my data is compromised, because it is.

strider3700

  • Pencil Stache
  • ****
  • Posts: 516
  • Location: northern BC
Re: Feeling queasy about opening mint.com account
« Reply #33 on: January 26, 2013, 10:25:39 PM »
  Any cashier worth their weight in paper bags can go into the computer after a transaction and extract your credit card number.  99.99% of the time they don't though.

I know I'm dragging this post up from way in the past but -  I write point of sale software for a living.  We don't store the credit card number in the system.  As far as I know none of our competitors do either.   The charge gets processed, if it passes then the card type and the last 4 digits as well as the transaction numbers get stored against the invoice.  I can stare at millions of transactions with a few clicks of the mouse.   Peoples names, addresses, phone numbers, and in some cases emails are all right there to read.  Not one single credit card number.   This is very very intentional,   we don't feel like being liable if someone manages to hack the system and steal all of the data.   At best they'll get the same info in the phone book and facebook and what groceries they've bought.

Now the old school put the card in the machine and then roll the thing across it to stamp the slip (showing my age I don't know what that was called but it was before electronic card verification) that recorded everything necessary to commit fraud.


arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Feeling queasy about opening mint.com account
« Reply #34 on: January 27, 2013, 07:53:05 AM »
How about the waiter walking away with your card and coming back 5 minutes later with a slip for you to sign.  They could certainly write all the info down off the card.

Substitute that example into Bakari's post and you still have the point he was trying to make.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

grantmeaname

  • CM*MW 2023 Attendees
  • Walrus Stache
  • *
  • Posts: 5960
  • Age: 31
  • Location: Middle West
  • Cast me away from yesterday's things
Re: Feeling queasy about opening mint.com account
« Reply #35 on: January 27, 2013, 08:44:51 AM »
I assume nobody cares about the thing they signed with their bank to not disclose their password to ANYONE?

That's the one that stopped me... sure I can trust the site, but if it violates my agreement with my bank of 20+ years, and if anything goes wrong I'm *screwed*, not just 'fraud victimized'....

I prefer to use software that is in no way connected to my bank :)

1) I'm pretty sure I didn't sign that with my bank.
2) Mint is not a person.
3) What's the worst the bank could do? Fire you as a consistently great customer with a long history, shoot themselves in the foot, and tell you to go find another bank? For a trivial non-offense?

Another Reader

  • Walrus Stache
  • *******
  • Posts: 5327
Re: Feeling queasy about opening mint.com account
« Reply #36 on: January 27, 2013, 09:09:51 AM »
1.  Check your on-line banking access agreement.  In all likelihood, it's there.

3.  The "worst the bank could do" is not reimburse you for the fraud if you and not they are responsible for the password compromise.

grantmeaname

  • CM*MW 2023 Attendees
  • Walrus Stache
  • *
  • Posts: 5960
  • Age: 31
  • Location: Middle West
  • Cast me away from yesterday's things
Re: Feeling queasy about opening mint.com account
« Reply #37 on: January 27, 2013, 09:32:29 AM »
1. Nope, I don't see it anywhere, and I didn't see it anywhere when I signed up for the account. All I see is a boilerplate "indemnify and hold harmless clause". Maybe you could look at the agreement and point out where I'm missing it?

3. If there were ever a single documented instance of fraud from Mint leading to a Mint user losing even a single cent, I might be a little more sympathetic. I agree that there is a possibility of that risk, and that issues like this have happened with many password databases, but it's probably about as likely as being struck by lightning, so it's not even worth the effort of worrying about it. If you wanted a big haul, wouldn't you attack something like a life insurance company or a small financial advisor's office? There's a lot more money for a lot less effort there, to be sure.

chucklesmcgee

  • Pencil Stache
  • ****
  • Posts: 613
Re: Feeling queasy about opening mint.com account
« Reply #38 on: January 27, 2013, 09:38:12 AM »
1.  Check your on-line banking access agreement.  In all likelihood, it's there.

Nope. Total BS. Do you think the vast majority of banks would be actively and willingly working to be compatible with a major financial service like mint if using it violated customer's terms of service?

Quote
The "worst the bank could do" is not reimburse you for the fraud if you and not they are responsible for the password compromise.

Yeah, prove it.

Stop being a baby and thinking the finance Nazis are controlling every move you make.

Another Reader

  • Walrus Stache
  • *******
  • Posts: 5327
Re: Feeling queasy about opening mint.com account
« Reply #39 on: January 27, 2013, 10:58:06 AM »
As I said, I USE one of the Yodlee programs, the B of A program.  My banks and credit unions do not "allow" you to disclose your password.  There could be a liability issue, although the fact that B of A and many other financial institutions offer and promote the programs is a bit of a head scratcher.  Intuit has a ton of experience protecting data in Turbo Tax and probably takes a similar level of precaution with Mint.  That being said, I still prefer to keep the data at the financial institution, not on an Intuit server.

SugarMountain

  • Pencil Stache
  • ****
  • Posts: 938
Re: Feeling queasy about opening mint.com account
« Reply #40 on: January 07, 2015, 05:11:06 PM »
I'm debating setting up Mint to consolidate my financial information, as opposed to doing it from Quicken (or where it is now, which is a spreadsheet).  Much like the original poster, I am a little queasy about this, which is how I found this thread while searching for thoughts from others.  I've read the links provided above, but they are a little short on discussing the actual vulnerabilities and/or liability.

One thing I did find on the web was when "heartbleed" came out last year, some people weren't really satisfied with Mint's response.
http://www.ianww.com/2014/04/15/mint-is-misleading-users-about-heartbleed/
https://news.ycombinator.com/item?id=7595317

It sounds like in the end, they did not have the heartbleed vulnerability.  But, if they did, the risk is basically what's called a "man in the middle" attack between mint and your banks.  The way mint works is it calls web services provided by the financial institutions, logging in essentially as you, to get your data.  If a hacker did a man in the middle attack, that is to say intercepted the stream of data between mint and your bank, and was able to decrypt it because of heartbleed, they would end up having your user name and password for that institution. Once they've got that, they can do whatever they want with your money.

The other thing that gave me pause is e*trade's consumer protection info, which says, "Related Party Fraud: We will not be responsible for withdrawn funds if you provide your User ID or password to anyone else. " https://us.etrade.com/e/t/home/securityguarantee
I would presume that giving Mint your user ID & password would qualify as "to anyone else". 

All that said, I suspect the risk is still pretty low.  Probably not much different than Quicken's Password vault on your PC and probably lower than malware putting a key logger on your browser.  But, I still can't bring myself to sign up.  My net worth probably doesn't need to be checked more than once a month or so anyway.


TerriM

  • Pencil Stache
  • ****
  • Posts: 505
Re: Feeling queasy about opening mint.com account
« Reply #41 on: January 07, 2015, 06:40:45 PM »
Mustachians rave about Mint to track expenses/net worth. I took a tour, and it does look like it'd be pretty awesome at the job.

However, I can't help but feel queasy about giving this company/web site all my account numbers and passwords. Somehow, I could see hackers getting to this info, and very bad things happening. It's like trusting a stranger with my bank card and PIN, or with a suitcase full of cash, and asking them to watch it for me, while I pop into the washroom at the mall.

Yes. You should absolutely be paranoid.  Completely, thoroughly, and utterly paranoid.  I would never give someone all of that information.   

TerriM

  • Pencil Stache
  • ****
  • Posts: 505
Re: Feeling queasy about opening mint.com account
« Reply #42 on: January 07, 2015, 06:48:18 PM »
How about the waiter walking away with your card and coming back 5 minutes later with a slip for you to sign.  They could certainly write all the info down off the card.

Substitute that example into Bakari's post and you still have the point he was trying to make.

Yup.  That's exactly why I don't give my credit card company permission to pull money (EFT) from my bank account either.   If we're going to have an argument, I want to be the one holding the money.

But banks may or may not owe you anything in case of fraud, and once the money's gone, you're at the mercy of the bank.

 
In one of our classes on computer security (long time ago), we read a paper on bank security.  Apparently most fraud did indeed occur from tellers taking down information.  I remember reading one story where a lady's account got cleaned out, and the bank accused her of trying to steal from the them.  The only way they found out the lady was telling the truth was that the teller had "An attack of conscience."    Great.....
« Last Edit: January 07, 2015, 06:50:25 PM by TerriM »

Ricky

  • Pencil Stache
  • ****
  • Posts: 842
Re: Feeling queasy about opening mint.com account
« Reply #43 on: January 07, 2015, 06:48:48 PM »
It's not the security aspect you should be worried about - it's the sanity part. Having all your accounts in one place means you're going to look at your accounts more often since its easier. Just limit yourself.

scottish

  • Magnum Stache
  • ******
  • Posts: 2716
  • Location: Ottawa
Re: Feeling queasy about opening mint.com account
« Reply #44 on: January 07, 2015, 07:04:19 PM »
I bet that's what Sony and Home Depot said amongst themselves.

'we don't have time for that security stuff.   plus it will make us less productive.'

TerriM

  • Pencil Stache
  • ****
  • Posts: 505
Re: Feeling queasy about opening mint.com account
« Reply #45 on: January 07, 2015, 07:44:24 PM »
I bet that's what Sony and Home Depot said amongst themselves.

'we don't have time for that security stuff.   plus it will make us less productive.'

The thing is this--we're all human.  The people programming Mint are human.   It just takes one mistake to screw you over.

I've seen enough situations as a programmer to be very wary of assuming anyone is doing things right. Even me.  I used to say "there's no way I'd ever ride on an airplane I'd programmed."  I make mistakes.  Others make mistakes.  Someone I know was mailed the entire list of names, birthdays, and SSNs for a school district as part of an excel spreadsheet sent without encryption.  Did you put your SSN on your kid's school application?  I won't now.  I don't make any assumptions anymore.

The best way to keep a secret is not to tell it to anyone.

grantmeaname

  • CM*MW 2023 Attendees
  • Walrus Stache
  • *
  • Posts: 5960
  • Age: 31
  • Location: Middle West
  • Cast me away from yesterday's things
Re: Feeling queasy about opening mint.com account
« Reply #46 on: January 08, 2015, 06:36:52 AM »
It's striking that even with all this hearsay not a single person in this thread has suffered a penny of loss from using Mint. All you will lose over this issue is sleep.

GuitarStv

  • Senior Mustachian
  • ********
  • Posts: 23128
  • Age: 42
  • Location: Toronto, Ontario, Canada
Re: Feeling queasy about opening mint.com account
« Reply #47 on: January 08, 2015, 06:56:53 AM »
It's striking that even with all this hearsay not a single person in this thread has suffered a penny of loss from using Mint. All you will lose over this issue is sleep.

Yeah, the Titanic was so safe that they didn't need lifeboats for all the passengers and that turned out well from what I recall.

frugaliknowit

  • Handlebar Stache
  • *****
  • Posts: 1686
Re: Feeling queasy about opening mint.com account
« Reply #48 on: January 08, 2015, 08:16:56 AM »
Call it what you want but by using Mint, you are providing passwords to a third party.  This can leave you vulnerable should something go way wrong, which it will someday.

vhalros

  • Bristles
  • ***
  • Posts: 308
Re: Feeling queasy about opening mint.com account
« Reply #49 on: January 21, 2015, 03:23:13 PM »
It would be nice if Mint had a way for me to just import data from the bank. I know my bank will export it in various formats for me to download. Then I could just upload it to mint periodically. This way mint would not have any passwords, account numbers (easy enough to scrub from the exported files), etc.