I love Mint.com. They have spectacular visual design, a great product, an entertaining and informative blog, and a great iPhone app. I know tons of people who love Mint.com, and yet, when surveying my digital life with a critical eye, I know of no greater security risk than Mint.com. It’s still astounding to me that Mint could grow from a small startup to being acquired by Intuit in the space of a few years and essentially retain unlimited liability by storing users’ logins and passwords to their entire financial lives. Yikes. If I were turned to the dark side, I would immediately attempt to hit Mint for their millions of users’ credentials which provide me completely unfettered access to their accounts, most of which are not FDIC insured. This means that when someone hacks Mint, they’ll be able to pull out all of my money, transfer it, etc., and I’ll be responsible because from the financial institution’s perspective they aren’t liable for me entrusting my credentials to a third party.
via PEEBS.ORG – An Open Letter to Mint.com: Stop storing my bank credentials!

I know all this, that Mint is an obvious security hole in keeping my personal digital life secure, but I keep using them. What does that say about a company which I recognize as a security hole in my life but I keep using them? The author is right though: people desire the abilities and tools Mint provides, but the banking institutions really need to provide a third-party authentication solution like OAuth, which grants Mint and other sites read-only access to the data.