DISQUS

Hello! r3fresh is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

r3fresh.com Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- Ross McKillop
  4 comments · 5 points
- Chris Thomson
  1 comment · 1 points
- gagahput3ra
  1 comment · 1 points
- LOR3N
  1 comment · 1 points
- rocopela
  1 comment · 1 points
Popular Threads
Recent Comments
- Oh. Great. Nobody should buy a Mac because you start to do other things than what you intended. How logical! /end sarcasam Seriously though, if you didn't do random other things on your mac...
  8 months ago by Vaius
  
  in The One Reason NOT to get a Mac
- this is so true i used to love some of these songs until they over killed then on tv
  8 months ago by tv guy
  
  in 10 Overused Songs in Television
- This is an interesting concept. I am tempted to get one for myself.
  8 months ago by rocopela
  
  in You’re a Pretty Drawer: Wacom Bamboo Reviewed
- I have exactly the same problem, I work full time then have to come home to domestic stuff, sleep etc etc... It wouldn't be so bad if it was just write a quick post but one has to make comments...
  8 months ago by Lady Banana
  
  in 5 Tips for One-Man Bloggers
- I never had a broken ipod before... I think you should just sell it and get some new accessories for you brand new ipod. http://www.superwarehouse.com/Apple_iPod/b/25/c/3034
  8 months ago by Kim
  
  in What to do with a Broken iPod?

r3fresh

Simple.

Jump to original thread »

How Secure is Mint.com?

Started by LOR3N · 9 months ago

Leo Laporte brought up a really good point on this week’s TWiT. Should we (the users) surrender our bank account numbers and passwords to Mint? Mint, for those who don’t know, is an online money management tool that will supposedly save you money and allow you to ... Continue reading »

11 comments

ob81
1 year ago

I brought this point up when it was still n beta. I don't trust it. I don't even give all my info to my wife

reply

Justin Goldberg
1 year ago

It gets its data from your banks interface correct?

In any case, banks need to open up their data with a secure, non-proprietary api for things like this. The developer of moneydance personal finance manager has been trying to get banks to allow his program to do the same function for years without the extreme cost.

reply

Justin Goldberg
1 year ago

I should have said banks web interface

reply

lazysupper
1 year ago

I signed up for Mint. I thought I'd be able to use nicknames for my accounts, credit cards, and loans. I was stunned when they asked for my bank account numbers, passwords, etc.

They are using Yodlee as their back-end, saying Mint does not store your info. However, they "access" your info and accounts "from time to time" to update your Mint account.

They require a lot of faith in their encryption and security.

For now... not a chance.

reply

Rose
1 year ago

The developer of monkeydance personal finance manager has been trying to get banks to allow his program access for years. I bet that someday banks will be forced to have some kind of universal api that works with every bank (securely of course)

reply

Rose
1 year ago

Whoops, I meant to say moneydance. Steve Ballmerian slip.

reply

Jeremy
1 year ago

I gave it a try. It doesn't do enough to warrant my trust. Plus they say they do not store your info but, as a web app builder, I have to point out that it is impossible for them NOT to store your info. It is stored in some format, possibly in an encrypted format, but that encrypted format is obviously a format that can be used to access your account info...otherwise, how do they do it? think about it. Also, here is the thing that scared me away. I used the Forgot Password feature. It sent me an email and the link in the email takes you right to a place where you can change your password. No extra security features. So if somebody hijacks your email (which is soo much easier than you might think) they will be able to quickly get all your mint info just by clicking a couple links. WATCHOUT.

BTW, another security tip. If you use your email address as a login at ANY site, never use the same password for as you need for your login. Your password is often stored in a raw format in a db where admins can just see it, and log directly into your email account. I have seen this with my own eyes, databases with thousands of email address / password combos, where probably 50% are using the same password as their email yahoo or gmail account.

reply

Loren
1 year ago

Thanks for your input Jeremy. It's only a matter of time before Mint is hacked into. I had a card that I used with Mint, but I got it changed very soon after.

reply

Justin Goldberg
1 year ago

Is it possible to store the info in a hashed form, where it is only one-way encrypted? I guess that depends on how yodlee works exactly. Shouldn't the mint.com sock puppets and astroturfers be somewhere close by?

Use a different password for paypal, the bank, ebay, etc....

reply