After reading a bit about mint.com on the money stack exchange, I wanted to give it a try. But frankly, it scares me a little bit.
The site has a bunch of links explaining how they're so secure. I bet it's all true and I believe them that they take a lot of security measures. But one thing is misleading. They act like the site is safer because it is "read only". From their security page
Mint is a "read-only" service. You can organize and analyze your finances,but you can't move funds between–or out of–any account using Mint.And neither can anyone else.That's not what I'm worried about. The thing I'm worried about is if somehow someone steals my passwords to my banking sites. Then they can go and do stuff with my accounts.
This got me thinking, is there something better we could push for to make this kind of service more secure? A few things I can think of off the top of my head that might be on the right track:
- one-time passwords / two factor authentication. I think the main problem with this is that all the services mint is accessing would need to work off the same one-time passwords so that the user would not have to enter each one for
nservices. This means you need a third party to handle this. - Push instead of pull. Other sites would have to add a mechanism to export data to mint. Obviously tough for mint because it requires cooperation -- but seems great for the consumer.
- Getting special auth tokens to give to mint instead of my passwords. Potentially support a mechanism for mint to be able to prove its identity so you only someone who proves they are mint.com can use the token (so stealing the token is not useful unless you can prove you are mint.com)... I guess I'm in OAuth territory here?
I suppose other things that would make me feel better but aren't truly more secure: if all these money/banking sites could send access notifications. Then I might be able to know when mint is accessing vs someone who stole my data and I might have a fighting chance at reacting.
So I suppose I'm asking: what are your ideas on how this could be better? What would the perfect system look like if all these companies would cooperate? Is there a standard protocol for this kind of thing that could become more widespread so that more specialized services could sprout up like this and people could rest easy knowing their data is safe?
(FWIW, I might try it out anyways. If I do, I'm changing all my passwords just for this experiment, then changing them all again once I'm done trying it out.)
