
r3fresh: How Secure is Mint.com?

  • ob81 · 2 years ago
    I brought this point up when it was still in beta. I don't trust it. I don't even give all my info to my wife.
  • Justin Goldberg · 1 year ago
    It gets its data from your bank's interface, correct?

    In any case, banks need to open up their data with a secure, non-proprietary API for things like this. The developer of Moneydance personal finance manager has been trying to get banks to allow his program to do the same function for years without the extreme cost.
  • Justin Goldberg · 1 year ago
    I should have said bank's web interface.
  • lazysupper · 1 year ago
    I signed up for Mint. I thought I'd be able to use nicknames for my accounts, credit cards, and loans. I was stunned when they asked for my bank account numbers, passwords, etc.

    They are using Yodlee as their back-end, saying Mint does not store your info. However, they "access" your info and accounts "from time to time" to update your Mint account.

    They require a lot of faith in their encryption and security.

    For now... not a chance.
  • Rose · 1 year ago
    The developer of monkeydance personal finance manager has been trying to get banks to allow his program access for years. I bet that someday banks will be forced to have some kind of universal API that works with every bank (securely, of course).
  • Rose · 1 year ago
    Whoops, I meant to say moneydance. Steve Ballmerian slip.
  • Jeremy · 1 year ago
    I gave it a try. It doesn't do enough to warrant my trust. Plus they say they do not store your info but, as a web app builder, I have to point out that it is impossible for them NOT to store your info. It is stored in some format, possibly in an encrypted format, but that encrypted format is obviously a format that can be used to access your account info... otherwise, how do they do it? Think about it. Also, here is the thing that scared me away. I used the Forgot Password feature. It sent me an email and the link in the email takes you right to a place where you can change your password. No extra security features. So if somebody hijacks your email (which is so much easier than you might think) they will be able to quickly get all your Mint info just by clicking a couple of links. WATCH OUT.

    BTW, another security tip. If you use your email address as a login at ANY site, never use the same password as you need for your login. Your password is often stored in a raw format in a db where admins can just see it, and log directly into your email account. I have seen this with my own eyes: databases with thousands of email address / password combos, where probably 50% are using the same password as their Yahoo or Gmail email account.
  • Loren · 1 year ago
    Thanks for your input Jeremy. It's only a matter of time before Mint is hacked into. I had a card that I used with Mint, but I got it changed very soon after.
  • justingoldberg · 1 year ago
    Is it possible to store the info in a hashed form, where it is only one-way encrypted? I guess that depends on how Yodlee works exactly. Shouldn't the mint.com sock puppets and astroturfers be somewhere close by?

    Use a different password for PayPal, the bank, eBay, etc.
  • Amy · 1 year ago
    Agreed! I was skeptical of the safety of Mint.com, and this confirmed it for me. Thx!
  • Maria · 1 year ago
    Can't trust this new site just yet, especially when it requires banking passwords.

    Nooopppp!!