Bogleheads.org

[aadwen]

Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????

By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.

[TRC]

I used it for about a month canceling my account It was unable to link up a number of my accounts, so it only gave me a partial view of my financial profile. It's free...you get what you pay for.

[junior]

Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????

By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.

Don't take this as legal advice, but, its says limited power of attorney, which Nolo.com defines as

"limited power of attorney
A power of attorney that gives the agent power to handle only a specified matter -- for example, to sign papers completing a single business transaction or property transfer. (Compare: general power of attorney)"

So my reading is it means you are granting them permission to log in to your financial web sites and doing what's necessary to download your account information. That seems entirely appropriate. It looks like that the extent of the power you are giving them.

[aadwen]

That didn't answer my question....

Seems like the service is excellent. I want to make sure the power of attorney gives them the right to pull my info and nothing else

[junior]

That didn't answer my question....

Seems like the service is excellent. I want to make sure the power of attorney gives them the right to pull my info and nothing else

It posted before yours, so see my post above.

[Ice-9]

I used it for about a month canceling my account It was unable to link up a number of my accounts, so it only gave me a partial view of my financial profile. It's free...you get what you pay for.

You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.

Between various retirement and taxable accounts, banks, credit cards, credit card rewards, and monthly bills I have 40 accounts currently being tracked by Yodlee. Most of them were already tracked by Yodlee when I signed up. The two that weren't, I made a suggestion to add them on their forum and used their manual account tracking feature until they added them about two months later.

Very handy - keeps track of my net worth, spending by category, and even gives me warnings for certain events I set in advance happening on certain accounts (ie a deposit or withdrawal above a certain amount, a balance reaching a certain % of the limit, etc)

[sscritic]

You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.

Mint post-Intuit-takeover will no longer be using Yodlee for account aggregation.

Intuit has it’s own back-end account aggregation service that it will use instead of Yodlee.

http://www.techcrunch.com/2009/09/18/mi ... s-youtube/

As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.

[Ron]

As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.

Just a note on Yodlee. It is used "under the coverers" for FIDO's Full View (as input to the Retirement Income Planner - e.g. "RIP") and linked to M* for portfolio/holdings breakdown when using FIDO products.

I use FIDO's services, along with a separate accont on Yodlee (to pick up my non-retirement and CC accounts).

Sorry, I still do use Quicken (as I have over the last 20+ years )...

- Ron

[downshiftme]

How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.

[Ron]

I think this is far too much risk for me and I would never give them access to my accounts. YMMV.

Simple; then just don't do it ...

As for me? I have an auto-email sent to me for any transaction (that is ANY transaction) that affects my accounts over $1.

I also "pull" my accounts on Vanguard, Yodlee, FIDO, etc. on a daily basis. I'm well aware of what is happening in my account (and my wife's) on a daily basis.

If anything, it is more timely than anything that happened in the "old days" of receiving monthly paper statements.

But if you don't "trust" the system? Then fine; do what you must, in your situation (I'm not here to "convert" you in any manner )...

- Ron

[CaptMidnight]

How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.

Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?

[TRC]

How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.

Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?

With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).

[Steelersfan]

I really like the convenience of accessing cash using my debit card from an ATM, both in the U.S. and when I travel to Europe. Is there a risk? Someone inside the bank or somewhere between the ATM and my bank could steal my account number and password. Sure there's risk, but the convenience way outweighs the risk.

I think that risk is actually greater than giving some information aggregator the right to access my account balance and transaction history.

Disclosure - I worked in technology for a large financial institution who provided both ATM access and information aggregation.

[vgoel]

I used Mint for a number of months and then deleted my account. I did not like Mint employees getting interviewed on TV talking about trends that they were seeing on their site. I run a lot of my life using Google and other cloud based services but I got uncomfortable with Mint.

[mfen]

With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).

Not the same thing. You have legal/fiduciary protections with banks and brokerages. You have government protections and regulations with banks and brokerages. Mint and similar sites are just marketing programs to offer you a service to sell a product, they are not regulated financial institutions. It seems Mint was trying to sell itself, which is a common marketing program for internet websites. They develop a service that drives consumers to their website and when they reach critical mass they market themselves out to the highest bidder, in Mint's case it was Quicken. Fortunately Quicken is a fairly transparent company, but they are just using their aggregator as a marketing tool to sell you software.

If your bank gets hacked you have a substantial probability of getting your money back and you will have the full force of the court systems to help you, not so with some internet aggregator.

[Larry Johnson]

Giving a limited power of attorney to strangers is simply stupid.

[aadwen]

What program can I buy that can do all of this safely with no risk?

[greg24]

What program can I buy that can do all of this safely with no risk?

I was going to say a pen and paper, but someone might come steal that from your house.

[Cloud]

Giving a limited power of attorney to strangers is simply stupid.

I'm with you there.... And what ever happened to your bank not being responsible if you give out your password and it's used to harm you... Once you give out your password to a third party all bets are off and you have no recourse to recover any funds. Good luck.

[Lbill]

Wonder if you are giving limited POA to Quicken also when it accesses your accounts to download transaction data.

[fsrph]

How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.

I agree with you that it's too risky for a 3rd party to know your user name/password for other accounts. But, if anyone has outside accounts linked to your Vanguard acccount they do ask for your login info for the 3rd party site. This is if you want VG to refresh your balances from the 3rd party account. However, I do not know if the limited power of attorney language is in VG's terms of use.

Francis

[CaptMidnight]

What program can I buy that can do all of this safely with no risk?

The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.

Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.

[Steelersfan]

What program can I buy that can do all of this safely with no risk?

The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.

Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.

That's all very true. But how many hacks have been done exploiting userid and passords stored at sites where they've been stored and used to retrieve (in a supposed read only basis) accounts on another site? My knowledge certainly isn't total, but I don't remember hearing of any. Other types of hacks? Many, and serious ones too.

[gh0st]

I use mint.com to track my expenses only. Specifically, I have mint tied in to my credit cards, but *not* my checking, savings, or retirement accounts. Since I run most all of my expenses through credit cards the mint analytics are very useful for looking at spending habits. It has completely replaced my old spreadsheet budget.

I figure that in a wost-case scenario I'm pretty safe since credit card companies are usually good about reimbursing fraudulent charges. With cash accounts it's usually not so easy, so I keep them far away from mint.

[amp]

There are always tradeoffs. I probably have accounts at something like 10-15 financial institutions. Aside from my primary checking account and my brokerage, I just don't log into most of them very often. Consider the risk if some money went missing from one of those accounts, due to theft or bank error or something else. Mint's aggregation provides a safeguard, so I will be aware of any problematic transactions much quicker than if I had to wait until the monthly statement arrived in the mail -- and that assumes that I'd even notice the error on the statement.

I also like that I can have Mint automatically email me if I get charged any bank fees or transaction charges. A $20 or $30 garbage fee is exactly the sort of thing I would miss on a complex statement with many transactions.

[Rajsx]

After hearing about Yodley on this Post (Ice-9), I linked all my accounts (Quite a few) on their Website. This went very smooth, except 1 or 2 accounts which I am still working on.

DW has been using Quicken, which I find difficult to work with. Yodley gives me a very useful, accurate & up to date Summary.

I will keep you posted of any negatives.

Warm Regards

[Cloud]

From my bank:

And do not provide your User ID and Password to anyone else! If you do, we will consider any transactions initiated by someone to whom you have given your User ID and Password to have been authorized by you.

[eas]

From my bank:

And do not provide your User ID and Password to anyone else! If you do, we will consider any transactions initiated by someone to whom you have given your User ID and Password to have been authorized by you.

In the case that mint / yodlee's servers get hacked and your logon data stolen (and is somehow stored unecrypted / poorly salted ), I would imagine that bit of verbiage still wouldn't matter. You didn't provide the user ID and password to the thief, who is initiating the transfer.