- I don't get it.

If I asked you, as a reader, to post your online banking user name and password in the comments below this post, you wouldn't do it, would you? Yet tens of thousands, if not millions, of people now use Mint and their mobile app, and I can't decide whether or not to try it myself. It's a finance aggregator service - gives you access to all your accounts in one place, can post alerts via email or SMS etc. Very handy, but the single biggest red flag (and it is a huge, flapping, Texas-sized flag) is that you have to give all your personal details used to log into banking websites, including secret questions and answers, login user names, passwords - everything.
Mint goes to great lengths to try to explain how this is all safe and secure and how the connection they make with your bank is one-way, meaning it's a read-only service and that no transactions can be made with their software. That's fine, but they're still storing ALL my login information and if/when THAT gets stolen, anyone has full access to all my money. Not just one account, like a single bank being hacked, but EVERY account. So what about the likelihood of that happening? I'd say hackers are far more likely to try to break the database than they are to remote to my machine at home, if it's on, then try to find my details that way. What about rogue employees with access to the database? Sure, it's encrypted, but copy a chunk to a thumb drive and take it home to work on it and I'm sure it's not unbreakable. Even their security FAQ points out that "some" of their employees have unrestricted access to all your account details!

For Mint to be properly secure, it needs to maintain 100% watertight security 24/7, which is impossible. One of the biggest flaws is no password lockout, meaning you can brute-force attack an account until it lets you in. And you can determine who has an account by brute-forcing email addresses into their login page (again without a lockout). Mint's terms of service specifically preclude you from any protection in the event that they are hacked or if there is a security breach or data theft. So if that happens, Mint don't cover you, and your bank doesn't cover you because you willingly gave away all your login details.
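The two login flaws described above (no lockout, and being able to tell from the login page which email addresses have accounts) both have standard countermeasures. The sketch below is an added example, not Mint's code or anything from the original post; the class name, thresholds and messages are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 5            # assumed policy: lock after 5 failed attempts
LOCKOUT_SECONDS = 15 * 60   # assumed policy: 15-minute lock
GENERIC_ERROR = "Invalid email or password."  # same text for every failure

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:  # hypothetical name, in-memory store for illustration only
    def __init__(self, clock=time.monotonic):
        self.users = {}     # email -> (salt, password hash)
        self.failures = {}  # email -> (failure count, locked-until time)
        self.clock = clock
        # Dummy credentials so unknown emails cost the same hashing work.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email.lower()] = (salt, _hash(password, salt))

    def login(self, email, password):
        email, now = email.lower(), self.clock()
        count, locked_until = self.failures.get(email, (0, 0.0))
        # Known and unknown emails follow the same path: same hashing work,
        # same failure counter, same lock, same message. The response
        # therefore does not reveal whether the account exists.
        salt, stored = self.users.get(email, (self._dummy_salt, self._dummy_hash))
        matches = hmac.compare_digest(_hash(password, salt), stored)
        ok = email in self.users and matches
        if now < locked_until:
            return False, GENERIC_ERROR  # locked: even the right password fails
        if ok:
            self.failures.pop(email, None)
            return True, "OK"
        count += 1
        if count >= MAX_FAILURES:
            count, locked_until = 0, now + LOCKOUT_SECONDS
        # A real service would also expire these entries and throttle per IP.
        self.failures[email] = (count, locked_until)
        return False, GENERIC_ERROR
```
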

Then there's the legal aspect. Most online banks have something like this in their legalese: should I knowingly release the password to any other party (other than power of attorney transfer or when under duress) I absolve the bank of limiting my liability for larcenous activities. Meaning if I give all the details that Mint wants about my account to them, then my bank is no longer responsible for any problems arising as a result.

Google "is safe?" and watch the results flood in. Hundreds of articles asking the same question I am.

I just don't get it - are millions of people really that stupid or have I missed something here?

Is safe in 2010?
How I would hack into your account


Anonymous said…
You're assuming that people actually read the small print. IMHO they are far more likely to ignore it and then plead total ignorance at the first sign of trouble.
Mystery Girl said…
I would never do that. I can see how convenient that would be, but (and the but is bigger than JLo's) that's all your eggs in one basket.

They had a report on the news this morning about crims developing innocent-looking apps that you download to your smart phone and they steal all your bank details and personal info. How long before we have firewalls around our iPhones?
