The Money Mustache Community

Learning, Sharing, and Teaching => Ask a Mustachian => Topic started by: DAY440 on January 01, 2015, 07:50:27 AM

Title: Mint.com question
Post by: DAY440 on January 01, 2015, 07:50:27 AM
I started opening up a Mint account but it now wants me to give them my log on information for my credit cards.  This makes me very nervous.  I assume it is secure, since so many on here use it.  I just want to double check and make sure I'm in the right place before I give out that information.  Thanks!
Title: Re: Mint.com question
Post by: ClovisKid on January 01, 2015, 08:49:20 AM
Mint is legit. They are now owned by Intuit, which is the largest personal finance and small business software company in the world (think TurboTax, Quicken and Quickbooks). They capture and store literally tens of millions of social security numbers and business tax IDs – numbers which Mint doesn't use or prompt for.  In order for Mint to be an effective tool for tracking expenses, it must link to your credit cards accounts if you use them regularly for purchases. All major credit cards have fraud protection and will investigate and reimburse you for charges that you did not incur. The risk is low and the potential for damages to you is low. Personally, I am more leery about giving Mint access to my investment accounts as there's a lot more at risk there (>$100K liquid assets versus fraud protection on a credit card with a $10K limit). I am not worried about Mint being hacked as much as I am about the account name and/or password being intercepted across the wireless network. Probably unlikely, but my personal fear.

Mint has saved me literally thousands of dollars just in my first nine months of use. It's liberating and frightening to see where all of my 'stache was going...
Title: Re: Mint.com question
Post by: horsepoor on January 01, 2015, 09:07:06 AM
I have not heard of any data breeches with Mint.  I know it is a little unnerving having all that login info in one place, but it's worth it to me.  On the upside, it's a one-stop-shop that you can check frequently so it's more likely you'll catch fraudulent charges quickly, especially on cards you don't use frequently.
Title: Re: Mint.com question
Post by: begood on January 01, 2015, 09:11:35 AM
I linked my three credit cards but not my bank accounts or investment accounts. That limits its effectiveness, obviously, but it does still give me an excellent picture of what we're spending each month, since all of our discretionary and some of our fixed expenses go on the three cards.
Title: Re: Mint.com question
Post by: DAY440 on January 01, 2015, 09:16:50 AM
Thank you both for replying.  I feel better about it now.  I had not gotten to the investment portion yet.  I just really want a one stop shop to keep track of spending and investments, so I would need to also link banking accounts and investments.  It is really scary but hopefully worth the risk.
Title: Re: Mint.com question
Post by: DeepEllumStache on January 01, 2015, 10:36:59 AM
I've been on Mint since 2009 and have not had an issue with security.  In fact, Mint helps me spot any kind of odd or incorrect charges faster since I can track everything in one location.  I have all my accounts linked, including cc and investments.
Title: Re: Mint.com question
Post by: Ohio Teacher on January 01, 2015, 11:56:51 AM
Not only am I not worried about security with Mint, it has helped us spot 3 fraudulent uses of our credit cards in the last 2 years.  They were all cards we didn't really use anymore, so it would've taken until the next e-mailed statement notification showing an unexpected balance.  As it was, we were able to report all of the charges while still pending and they never fully posted. 

Add to that it's effect of helping us to see our spending "trends," we were able to slash our food/dining spending by 40% in one year and overall spending by 25%.  It's definitely moved the needle a few years on our FIRE goal. 
Title: Re: Mint.com question
Post by: arebelspy on January 02, 2015, 07:41:37 PM
Yes, it is safe.

Here:
http://lifehacker.com/5332714/why-i-stopped-being-paranoid-and-started-using-mint

There's lots of threads discussing this topic. 

Here's a few:
http://forum.mrmoneymustache.com/ask-a-mustachian/feeling-queasy-about-opening-mint-com-account/
http://forum.mrmoneymustache.com/ask-a-mustachian/mint-com-security-peace-of-mind/
http://forum.mrmoneymustache.com/ask-a-mustachian/mint-com-security-concerns/
http://forum.mrmoneymustache.com/ask-a-mustachian/please-help-calm-my-mint-com-paranoia/
http://forum.mrmoneymustache.com/ask-a-mustachian/newbie-question-mint-com-safe/

:)
Title: Re: Mint.com question
Post by: minority_finance_mo on January 02, 2015, 07:42:57 PM
I started opening up a Mint account but it now wants me to give them my log on information for my credit cards.  This makes me very nervous.  I assume it is secure, since so many on here use it.  I just want to double check and make sure I'm in the right place before I give out that information.  Thanks!

My mother has the same issue with Mint. I haven't been able to convince her it's legit (she's very anti-technology), but I hope the rest of the commenters here have convinced you :P
Title: Re: Mint.com question
Post by: sol on January 02, 2015, 07:58:08 PM
I'm a Mint user, and I don't think it's safe.

Your data isn't private anymore.  That lifehacker article claiming it is safe was written in 2009, before the data security breaches at Sony, Home Depot, Target, Ebay, Apple, Gmail, Facebook, Evernote, J.P. Morgan Chase, Citigroup, the NASDAQ, the European Central Bank, Experian, the Heartland Payment Systems, or the whole long list of healthcare providers that have been compromised.  How many examples do you need before you see a pattern?

Pretty much anything you have online is vulnerable.  Putting access credentials for so many different financial institution in one place makes that one place an attractive target.  I'm sure Mint is doing everything it can to protect that information, but ultimately they cannot possible protect your data and still allow everyone remote access from any public computer. 

I think it's only a matter of time before Mint is hacked.  On the bright side, I expect Mint to notify me immediately if my investment accounts start emptying out.  I'm hopeful they'll be more responsive than anyone on the above list in notifying users of the breach promptly, but given that their entire business model is built on convincing you of their infallible trustworthiness, I suspect they might be more reluctant to admit fault than the average hacker target.

Title: Re: Mint.com question
Post by: arebelspy on January 02, 2015, 08:01:30 PM
I'm a Mint user, and I don't think it's safe.

Your data isn't private anymore.  That lifehacker article claiming it is safe was written in 2009, before the data security breaches at Sony, Home Depot, Target, Ebay, Apple, Gmail, Facebook, Evernote, J.P. Morgan Chase, Citigroup, the NASDAQ, the European Central Bank, Experian, the Heartland Payment Systems, or the whole long list of healthcare providers that have been compromised.  How many examples do you need before you see a pattern?

That's fine, but it's as secure as anything is/can be at this point, and unless one wants to completely go off grid/analog/etc.

I think it's as safe as an online bank account (more, actually, since it has read only access) - if you have a bank account you access online, you should be comfortable with Mint.

The NSA has access to all your accounts.  Hackers could get access to anything, especially if they've compromised your individual machine.

But it's as safe as anything you're using online.

So while I agree that it's not 100% safe, it's not worth worrying about, IMO.

Each person must decide that for themselves, of course, as with everything.
Title: Re: Mint.com question
Post by: MilitaryMan on January 02, 2015, 08:06:18 PM
We've been scared to use it, too.  I started to one day, and then got paranoid, canceled my account and change all my other banking passwords.  Makes me super nervous for some online entity to have basically complete access to ALL our financial  information.

We use other methods to tracking net worth and spending.  I'll admit, it's not nearly as seamless as mint.com seems to be, though.
Title: Re: Mint.com question
Post by: sol on January 02, 2015, 08:16:13 PM
That's fine, but it's as secure as anything is/can be at this point

Right, which is why I still use Mint.  My point was just that "as secure as can be" isn't very secure these days, when talking about cloud storage.

Quote
I think it's as safe as an online bank account (more, actually, since it has read only access)

Mint has always touted this line, but I've never understood it.  Mint knows your login credentials, the same ones that give you full access to your accounts.  If they wanted to, they could log in to each financial institution and pretend to be you.

I trust Mint not to do that, because they have a business model based on trust.  But when Mint gets hacked, the hackers will not be so well intentioned and they will have access to the same credentials. 

If they're smart, and can cover their tracks, it will be a slow leak.  Rather than just posting everyone's vanguard account login information on the web, they'll sell of account IDs on the darknet in small batches, maybe 25 at a time.  Hell this could already be going on for all we know.  This isn't exactly a crime that anyone wants publicized.

Quote
But it's as safe as anything you're using online.

Operating under the assumption that nothing is really safe, I suspect that high value targets like Mint are already at the top of the hack attack list.
Title: Re: Mint.com question
Post by: bugbaby on January 03, 2015, 02:24:40 PM
Just curious to OP: would you rather Mint tracked your accounts *without* requiring the passwords? Think about it- really?
Title: Re: Mint.com question
Post by: arebelspy on January 03, 2015, 02:31:45 PM
Just curious to OP: would you rather Mint tracked your accounts *without* requiring the passwords? Think about it- really?

Yes, of course.

But given that the only way (that I can think of - if you have another way feel free to share) for that to happen would be massive cooperation from the financial institutions to push the data over to Mint after you've authorized it, and I don't see that happening, it's very much a moot point.
Title: Re: Mint.com question
Post by: kudy on January 03, 2015, 02:43:02 PM
As long as the headline of the inevitable Mint hack doesn't read, "Mint.com Hacked, User Account Credentials Stored In Plain Text" I am not too worried. Hackers may eventually get user data from Mint, but it's unlikely they would gain access to my attached bank account credentials.

Despite my confidence, I am always happy to see banks adding in "token" access for tools like Mint - read only access controlled by the user. Combine that with 2 factor authentication on the actual login credentials, and I am really happy. Unfortunately, I've only seen this on a few accounts (e.g. Capital One 360,which I don't use). The online banking industry could easily modernize their systems, but they aren't quite there yet.
Title: Re: Mint.com question
Post by: drstarter33 on January 03, 2015, 03:03:51 PM
not sure if you have read this one.

http://youngandthrifty.ca/why-i-cancelled-mint-com/
Title: Re: Mint.com question
Post by: HattyT on January 03, 2015, 03:40:19 PM
I've been a happy Mint.com user since 2009.  Love it!  You are only smart in this day and age to be concerned about security.  But for me, the benefits have WAY out-weighed the risks.
Title: Re: Mint.com question
Post by: bugbaby on January 03, 2015, 07:54:06 PM
My point above is that without requiring password how easy it would be for another party to access your financial information, same reason your bank website needs your password when you log in... Whether its stored or has to be reentered each time isn't the issue. Also Mint does require me to reenter the credentials every so often..

Besides Mint only displays the info, does not carry out transactions.
Title: Re: Mint.com question
Post by: Nothlit on January 03, 2015, 08:44:56 PM
I used to use Mint, but I don't anymore, primarily because of the liability risk of giving out my passwords to a third party. For example, quoting from the account agreement for Alliant Credit Union:

Quote
You are responsible for all EFT transactions you authorize. If you permit someone else to use an EFT service, your Card or your access code, you are responsible for any transactions they authorize or conduct on any of your accounts. In order to maintain secure communications and reduce fraud, you agree to protect the security of your numbers, codes, marks, signs, passwords, or other means of identification. We reserve the right to block access to the services to maintain or restore security to Alliant Online Banking and our systems; if we reasonably believe your access codes have been or may be obtained or are being used or may be used by an unauthorized person(s). You will bear the liability or the risk of any error or loss of data, information, transactions or other losses which may be due to the failure of your computer system or third party communications provider on which you may rely

That pretty clearly says to me that if I give my account password to Mint, and someone makes off with all my money due to a Mint hack, I'm on the hook for the losses. Okay, maybe Mint is insured against that, or maybe I could sue them, but it's just not worth the risk to me.