Question About Mint

[njmoney]

Probably been asked many times before but Mint shows up in a lot of searches.  That said, those who use Mint, have you entered all of your passwords into the tool so that it can access all of your accounts at once?  Seems very convenient but also concerns me that if it somehow got hacked that someone would have my passwords to EVERYTHING vs. if some other account of mine was hacked they would have access to one account.  It's also possible that I haven't read up on Mint in enough detail and I'm just missing something obvious.  Taking a the lazy/busy approach I guess by asking it here!

[Greenback Reproduction Specialist]

Your concerns are similar to mine, I don't like the idea of having all of my accounts and their information recorded on a single system like that. I don't care how "secure" they claim it is. Believe me, its a gold mine for hackers. No way am I putting all that out there, you could be wiped out with one breach and spend months or years trying to be made whole.

[Nothlit]

This is a valid concern, and is one of the reasons I eventually closed my Mint account and changed all my financial passwords. (That plus the fact that their system did a poor job pulling in transactions from my credit union.)

Of course people will come along and talk about how Mint encrypts all your passwords, blah blah. But the bottom line is their system also has to be able to decrypt your passwords in order to use them to log into your various financial accounts and retrieve transaction updates. So while the database containing your passwords may be encrypted, the mechanism to decrypt it must also exist somewhere in their system, and a determined hacker could exploit that.

[njmoney]

Thanks for the responses.  I have enough things keeping me up at night, think I'll pass on adding another to the list!

[tonysemail]

two factor authentication means that my gmail getting hacked is the biggest problem I have to worry about.

[Frankies Girl]

I've been a victim of ID theft, and I don't worry a bit about using Mint. They are owned by the same parent company of Turbo Tax, and if millions of people use them to file their taxes - giving them every bit of data including their SS # - then them having my logins for my accounts is small potatoes. And I monitor all my accounts easily through Mint daily so if someone were to do something (again, slender, tiny chance of that anyway) I can see it pretty much the day it happens and get it locked down fast.

[OurTown]

It's delicious in iced tea.

[Greenback Reproduction Specialist]

It's delicious in iced tea.

+1 and field of it smell pretty amazing!

[Syonyk]

I've had my identity stolen or possibly stolen so damned many times I just don't GAF anymore.

If Intuit is hacked, "Big Sky Theory" applies (for those unfamiliar, the concept that, pretty much, you can point airplanes any which way, randomly, and not many will hit each other, because there is a lot of sky out there).

"Big Dump Theory" or something is the closest I have.  Basically, using one stolen identity?  Easy, fun profitable.  Using 10?  Eh, doable, but annoying.  Using 10 million, 50 million, 100 million?  Forget it.  You cannot scale identity theft that way.  Same thing for credit card theft.  I'm sure my CC #s are in dozens of darknet dumps, but people just haven't gotten around to using them.

There's a very good chance that if Intuit gets their cyber-asses handed to them, I'll find out about it in time to do something useful like change my passwords.

If not?  Well, that's a risk I'm willing to take.  No different, really, from my home computers getting compromised with some stealthy malware and stealing my passwords.  *shrug*

It's just really, really far down the list of things I worry about.

[Kakashi]

I suppose there's 2 trains of thoughts.  Absolute security, or get with modern times.  You can worry about security ad nauseum and stay off Mint.  Don't stop there, stay off online banking, online brokerage, online everything.  Go back to using the phone and mailing in your deposits.  Or, realize that this is modern times and there is such a thing as bank level encryption, and there is a tradeoff of very slight risk for very large convenience.

Most of the banks/brokerages have a backup system anyhow.  If someone gets ahold of my password and log in from an unknown computer, it asks for more verification.  If they do something like add a new bank account to transfer money out, I get notified about it and can call in stop it from happening. 

[tonysemail]

We are just totally screwed either way.   Two people I know hate online banking and credit card fraud.   Both are recent victims of mail theft.  In one case, mailing a cashier's check instead of using a bank transfer directly led problems after the check was stolen. 

[bacchi]

Of course people will come along and talk about how Mint encrypts all your passwords, blah blah. But the bottom line is their system also has to be able to decrypt your passwords in order to use them to log into your various financial accounts and retrieve transaction updates. So while the database containing your passwords may be encrypted, the mechanism to decrypt it must also exist somewhere in their system, and a determined hacker could exploit that.

They use hardware encryption and SSO for big bank (including credit card) access. With SSO, password decryption is only occasional (to get the token); with the hardware encryption, it's near impossible to hack without the hardware.

That said, I only use it to track credit cards. It's a great tool for churning with 20+ cards.

[zazpowered]

Mint uses a company called Yodlee to handle authentication to other apps. I don't know if that should make you more worried or less worried

[clarkfan1979]

It is possible for mint to get hacked. However, my available cash is only around 30K. Would I really be a target? I'm thinking there are many other people with more cash in their accounts than me.

It could happen, but it's not something I worry about.

[m8547]

I suppose there's 2 trains of thoughts.  Absolute security, or get with modern times.  You can worry about security ad nauseum and stay off Mint.  Don't stop there, stay off online banking, online brokerage, online everything.  Go back to using the phone and mailing in your deposits.  Or, realize that this is modern times and there is such a thing as bank level encryption, and there is a tradeoff of very slight risk for very large convenience.

If your bank is hacked, as long as you haven't done something stupid (like given your password to someone else, maybe in a phishing email or otherwise) the bank is generally responsible for any missing money.

If Mint is hacked, your bank isn't responsible for anything because you directly violated the online banking terms of service by giving your password to Mint. And it's unlikely that Mint has insurance or funding to cover a widespread hack.

The way to fix it is to have every bank provide a special read-only login for Mint. I don't know if any do that.