Author Topic: Mint.com security? Peace of mind?  (Read 2768 times)

KBecks

  • Handlebar Stache
  • *****
  • Posts: 1536
Mint.com security? Peace of mind?
« on: January 07, 2014, 04:56:28 AM »
I'm starting up with Mint.com and it's pretty cool.  So far I have only linked in our kids education accounts, and our credit cards.  This will be a useful tool.

I hope to load in our mortgage and use Mint to visualize our progress in taking that down to zero.

However, I am very hesitant to link up our 'stache account info.   It would be great fun to see our net worth, but, I don't want to mess with our security when it comes to, oh you know, our life savings.

I have been looking at our numbers and I am so happy that we have been good at savings over the years and have a nice 'stache.  We are not Financially independent and while I am proud of our savings, we have some work to do in learning to rock our day to day life habits. 

Anyway, have you gone all the way with Mint?  Have you had / do you have similar concerns?

Thanks, Karen

Khan

  • Pencil Stache
  • ****
  • Posts: 616
Re: Mint.com security? Peace of mind?
« Reply #1 on: January 07, 2014, 05:11:08 AM »
It's run by Intuit, the same company behind Turbotax. That's about the best people you could have be behind it.

Here's an answer from them.
From Quora and googling
Quote
For passwords to Mint itself, we compute a secure hash of the user's chosen password and store only the hash (the hash is also salted - see http://en.wikipedia.org/wiki/Sal... ).  Hashing is a one-way function and cannot be reversed.   It is not possible to ever see or recover the password itself.  When the user tries to login, we compute the hash of the password they are attempting to use and compare it to the hashed value on record. (This is a standard technique which every site should use).

For banking credentials, we generally must use reversible encryption for which we have special procedures and secure hardware kept in our secure and guarded datacenter.  The decryption keys never leave the hardware device (which is built to destroy the key material if the tamper protection is attacked).  This device will only decrypt after it is activated by a quorum of other keys, each of which is stored on a smartcard and also encrypted by a password known to only one person.  Furthermore the device requires a time-limited cryptographically-signed permission token for each decryption. The system (which I designed and patented) also has facilities for secure remote auditing of each decryption.

So... it sounds secure enough from his explanation and my own understanding of software security design.

Petari

  • 5 O'Clock Shadow
  • *
  • Posts: 12
  • Location: Ontario, Canada
Re: Mint.com security? Peace of mind?
« Reply #2 on: January 07, 2014, 05:58:04 AM »
Oh, I imagine Mint's own security is pretty tight. What scares me more (and is leading me to gradually move away from Mint) is the Terms of Service provisions most banks in the US and Canada that I've dealt with have in that they are not liable for any losses connected with online fraud or hacking if you ever disclose your online banking username/password to anyone. I think there's one Canadian bank that has an exception for Mint specifically, but that's it.

Paul der Krake

  • Magnum Stache
  • ******
  • Posts: 4496
  • Age: 11
  • Location: USA
Re: Mint.com security? Peace of mind?
« Reply #3 on: January 07, 2014, 07:10:27 AM »
Oh, I imagine Mint's own security is pretty tight. What scares me more (and is leading me to gradually move away from Mint) is the Terms of Service provisions most banks in the US and Canada that I've dealt with have in that they are not liable for any losses connected with online fraud or hacking if you ever disclose your online banking username/password to anyone. I think there's one Canadian bank that has an exception for Mint specifically, but that's it.
Yeah that's pretty much why I don't use Mint. Too many unanswered questions because these issues have so far never occured and the legality of either side's ToS has never been challenged.

On the other hand, there are so many Mint users that it would be highly unlikely that banks left their customers out in the cold if there was a breach.

rubybeth

  • Handlebar Stache
  • *****
  • Posts: 1401
  • Location: Midwest
Re: Mint.com security? Peace of mind?
« Reply #4 on: January 07, 2014, 07:28:31 AM »
I've been using Mint since the early days. I've never had any issues with it. Since you can't actually move any money around with the site, I am very confident that my information is secure. As for banks saying they aren't liable for losses... might want to check with a lawyer on that one.

You could just put in all of your info. for a day, get a snapshot view, and then delete those accounts and change passwords. Or just use spreadsheets to figure out net worth. I prefer the timeliness of Mint and also use spreadsheets to track some things. I think I'm more likely to get alerted via Mint of a problem (like an unauthorized charge) than have a problem with it.

m8547

  • Bristles
  • ***
  • Posts: 311
Re: Mint.com security? Peace of mind?
« Reply #5 on: January 07, 2014, 08:31:09 AM »
Oh, I imagine Mint's own security is pretty tight. What scares me more (and is leading me to gradually move away from Mint) is the Terms of Service provisions most banks in the US and Canada that I've dealt with have in that they are not liable for any losses connected with online fraud or hacking if you ever disclose your online banking username/password to anyone. I think there's one Canadian bank that has an exception for Mint specifically, but that's it.

That's why I don't use it. If there was a way for my bank to give them read only access with a different password, it would be fine.