How Secure is Mint.com?
Leo Laporte brought up a really good point on this week’s TWiT. Should we (the users) surrender our bank account numbers and passwords to Mint? Mint, for those who don’t know, is an online money management tool that will supposedly save you money and allow you to keep a really close eye on the money you spend. The only question is security.

Banks and credit card firms spend millions, if not hundreds of millions, on keeping people’s information safe, but they still end up misplacing a “laptop” with account numbers of a few thousand people. A relative works for a company that creates applications for credit card processors. They get 10,000 attempted breaches a DAY and they don’t even use or have any legit credit card information. If the big companies are having trouble keeping information safe, then why should we trust Mint?

Like me, most think of Mint as another web service, but it’s a web service that uses (and could someday lose) your account numbers. Personally, I had put my PayPal account into Mint to try it out because my bank account didn’t work in Mint. Now I’m glad it didn’t work. We need to remember that for every good website there are a hundred more that are trying to access your information maliciously. I’m not saying Mint is ever going to lose your money, but a close eye should be kept on them.
I don’t want to surrender my information for better deals or a cool interface, no matter how good the deal or how slick the interface is. Want a much safer alternative? Try an application like Quicken or just use your bank’s online banking site.

















Oct 11, 2007 at 2:58 am
ob81 says,
I brought this point up when it was still in beta. I don’t trust it. I don’t even give all my info to my wife.
Jan 29, 2008 at 2:21 pm
Justin Goldberg says,
It gets its data from your bank’s interface, correct?
In any case, banks need to open up their data with a secure, non-proprietary api for things like this. The developer of moneydance personal finance manager has been trying to get banks to allow his program to do the same function for years without the extreme cost.
Jan 29, 2008 at 2:22 pm
Justin Goldberg says,
I should have said bank’s web interface.
Mar 10, 2008 at 5:42 pm
lazysupper says,
I signed up for Mint. I thought I’d be able to use nicknames for my accounts, credit cards, and loans. I was stunned when they asked for my bank account numbers, passwords, etc.
They are using Yodlee as their back-end, saying Mint does not store your info. However, they “access” your info and accounts “from time to time” to update your Mint account.
They require a lot of faith in their encryption and security.
For now… not a chance.
Mar 14, 2008 at 7:21 am
Rose says,
The developer of monkeydance personal finance manager has been trying to get banks to allow his program access for years. I bet that someday banks will be forced to have some kind of universal api that works with every bank (securely of course)
Mar 14, 2008 at 7:26 am
Rose says,
Whoops, I meant to say moneydance. Steve Ballmerian slip.
Apr 14, 2008 at 4:50 pm
Jeremy says,
I gave it a try. It doesn’t do enough to warrant my trust. Plus they say they do not store your info but, as a web app builder, I have to point out that it is impossible for them NOT to store your info. It is stored in some format, possibly in an encrypted format, but that encrypted format is obviously a format that can be used to access your account info… otherwise, how do they do it? Think about it. Also, here is the thing that scared me away. I used the Forgot Password feature. It sent me an email and the link in the email takes you right to a place where you can change your password. No extra security features. So if somebody hijacks your email (which is so much easier than you might think) they will be able to quickly get all your Mint info just by clicking a couple of links. WATCH OUT.
BTW, another security tip. If you use your email address as a login at ANY site, never use the same password as you need for your login. Your password is often stored in a raw format in a db where admins can just see it, and log directly into your email account. I have seen this with my own eyes, databases with thousands of email address / password combos, where probably 50% are using the same password as their email Yahoo or Gmail account.
Apr 14, 2008 at 9:37 pm
Loren says,
Thanks for your input Jeremy. It’s only a matter of time before Mint is hacked into. I had a card that I used with Mint, but I got it changed very soon after.
Apr 21, 2008 at 8:24 pm
Justin Goldberg says,
Is it possible to store the info in a hashed form, where it is only one-way encrypted? I guess that depends on how Yodlee works exactly. Shouldn’t the mint.com sock puppets and astroturfers be somewhere close by?
Use a different password for PayPal, the bank, eBay, etc.
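
The distinction raised in the comments above, shown as an added Python example that is not part of the original post or any commenter's code: a site can keep only a salted one-way hash of its own users' passwords, but a service that logs in to a bank on your behalf cannot work from a hash. `ToyBank`, the sample credential and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample credential; not a real account.
BANK_USER = "alice"
BANK_PASSWORD = "correct horse battery staple"
ITERATIONS = 200_000  # sample work factor chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest) from PBKDF2-HMAC-SHA256, a salted one-way function."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, digest):
    """A site checks its own users' logins by re-hashing and comparing."""
    _, recomputed = hash_password(candidate, salt)
    return hmac.compare_digest(recomputed, digest)


class ToyBank:
    """Hypothetical bank: stores only salt + hash, never the raw password."""

    def __init__(self, user, password):
        self.user = user
        self.salt, self.digest = hash_password(password)

    def login(self, user, submitted):
        return user == self.user and verify_password(submitted, self.salt, self.digest)


def aggregator_with_hash_only(bank):
    """An aggregator that kept only a hash has nothing the bank will accept."""
    _, stored = hash_password(BANK_PASSWORD)      # all the aggregator kept
    return bank.login(BANK_USER, stored.hex())    # submitting the hash fails


def aggregator_with_recoverable_secret(bank):
    """Logging in for the user requires recovering the actual password."""
    recovered = BANK_PASSWORD  # stands in for decrypting a stored ciphertext
    return bank.login(BANK_USER, recovered)
```

So one-way hashing protects a site's own login database against the raw-format exposure described above, while any screen-scraping aggregator necessarily holds the credential in a recoverable form somewhere.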
May 14, 2008 at 2:46 pm
Financial Software Alternatives? - Kia Forum says,
[...] Eh, found this thread and decided not to use it. How Secure is Mint.com? at r3fresh.com [...]