Personal Capital Software

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
Topic Author
DKD
Posts: 35
Joined: Mon Feb 01, 2016 9:29 pm

Personal Capital Software

Post by DKD » Wed Jun 05, 2019 8:04 pm

I'm evaluating a couple of retirement planning software programs available online. One is Maxifi and the other is Personal Capital. The former is $150, the latter is free. Personal Capital is a bit more user friendly, but it taps directly into your investment portfolio, after you give them your username and password to to your accounts. Does anyone know how safe this is from misuse or hacking, relative to best practices? I like using Personal Capital but I don't have a way to evaluate the risk of providing access to my accounts, other than what the reviews say on Google. All say it's safe. Any advice or input would be greatly appreciated.

student
Posts: 3505
Joined: Fri Apr 03, 2015 6:58 am

Re: Personal Capital Software

Post by student » Wed Jun 05, 2019 8:19 pm

I use Personal Capital but I do not let them access my accounts. I entered everything manually once and I update it on my schedule.

Topic Author
DKD
Posts: 35
Joined: Mon Feb 01, 2016 9:29 pm

Re: Personal Capital Software

Post by DKD » Wed Jun 05, 2019 8:32 pm

student wrote:
Wed Jun 05, 2019 8:19 pm
I use Personal Capital but I do not let them access my accounts. I entered everything manually once and I update it on my schedule.
That's a great idea. I'm trying to find where it allows you to enter in manually. Can you please help point me in the right direction. Thank you!

classicindexer
Posts: 64
Joined: Tue Apr 09, 2019 10:43 am

Re: Personal Capital Software

Post by classicindexer » Wed Jun 05, 2019 8:34 pm

When it asks you to add an account from the list I think if you scroll to the bottom there's a manual option.

student
Posts: 3505
Joined: Fri Apr 03, 2015 6:58 am

Re: Personal Capital Software

Post by student » Wed Jun 05, 2019 8:40 pm

DKD wrote:
Wed Jun 05, 2019 8:32 pm
student wrote:
Wed Jun 05, 2019 8:19 pm
I use Personal Capital but I do not let them access my accounts. I entered everything manually once and I update it on my schedule.
That's a great idea. I'm trying to find where it allows you to enter in manually. Can you please help point me in the right direction. Thank you!
Click link account, then enter big dumb bank. They cannot find it and then you can choose manually add option. Repeat for other accounts.

mhalley
Posts: 7266
Joined: Tue Nov 20, 2007 6:02 am

Re: Personal Capital Software

Post by mhalley » Wed Jun 05, 2019 10:30 pm

I don’t think there have been any breeches with aggregators so far. If you are concerned, you could link the accounts, do the planning, them de link them.

xavierr
Posts: 25
Joined: Sun May 05, 2019 11:24 am
Contact:

Re: Personal Capital Software

Post by xavierr » Thu Jun 06, 2019 3:51 am

You can also link your accounts to import your data and then change your password on your broker’s website. Once you change your password, Personal Capital doesn’t have access to your account anymore: the data will stop updating automatically, but any data already in the web app will stay there.

User avatar
Wiggums
Posts: 1217
Joined: Thu Jan 31, 2019 8:02 am

Re: Personal Capital Software

Post by Wiggums » Thu Jun 06, 2019 4:29 am

The Financial Industry Regulatory Authority recently issued a strongly worded warning to investment companies and investors about the dangers of sharing account data with aggregators so consumers can access third-party services.

https://www.americanbanker.com/news/is- ... -on-target

MittensMoney
Posts: 173
Joined: Mon Dec 07, 2015 10:59 pm

Re: Personal Capital Software

Post by MittensMoney » Thu Jun 06, 2019 12:39 pm

Personal Capital uses a read-only API connection which is the safest way to link your accounts to anything. If you're still uncomfortable then enter the info manually -- I would recommend AGAINST changing your passwords periodically to link/de-link them to the software, the simple act of keying your passwords into a web browser to do this will be your biggest risk to compromise.

User avatar
vineviz
Posts: 4665
Joined: Tue May 15, 2018 1:55 pm

Re: Personal Capital Software

Post by vineviz » Thu Jun 06, 2019 12:41 pm

MittensMoney wrote:
Thu Jun 06, 2019 12:39 pm
Personal Capital uses a read-only API connection which is the safest way to link your accounts to anything. If you're still uncomfortable then enter the info manually -- I would recommend AGAINST changing your passwords periodically to link/de-link them to the software, the simple act of keying your passwords into a web browser to do this will be your biggest risk to compromise.
+1

I confidently let PersonalCapital automatically sync my brokerage and 401k accounts.
"Far more money has been lost by investors preparing for corrections than has been lost in corrections themselves." ~~ Peter Lynch

classicindexer
Posts: 64
Joined: Tue Apr 09, 2019 10:43 am

Re: Personal Capital Software

Post by classicindexer » Thu Jun 06, 2019 1:08 pm

DKD wrote:
Wed Jun 05, 2019 8:04 pm
I'm evaluating a couple of retirement planning software programs available online. One is Maxifi and the other is Personal Capital. The former is $150, the latter is free. Personal Capital is a bit more user friendly, but it taps directly into your investment portfolio, after you give them your username and password to to your accounts. Does anyone know how safe this is from misuse or hacking, relative to best practices? I like using Personal Capital but I don't have a way to evaluate the risk of providing access to my accounts, other than what the reviews say on Google. All say it's safe. Any advice or input would be greatly appreciated.
Whether or not is a best practice can be argued either way. Financial instuitions have in their terms not to share your credentials with 3rd parties/other individuals. Even though the bank feed is supposed to be read only, Personal Capital has a copy of your usernames and passwords. Not sure if they can be decrypted or not.

I grew tired of the Personal Capital bank feed import failing with various retirement accounts. I had to work with Personal Capital Support multiple times and since they use Yodlee to get the data, it took weeks or months sometimes for it to be fixed. So the balances were wrong while it was unable to sync/import which was frustrating.

I chose to no longer link my investment accounts in Personal Capital as I moved my retirement account investment tracking into an Excel spreadsheet with Office 365 stock data to pull in prices and I manually update my # of shares in it. I now have a Personal Capital account with no accounts and only use it for the retirement planner based on manually entered numbers. I compare those forecasts to Portfolio Visualizer's Monte Carlo simulation https://www.portfoliovisualizer.com/mon ... simulation.

rascott
Posts: 491
Joined: Wed Apr 15, 2015 10:53 am

Re: Personal Capital Software

Post by rascott » Thu Jun 06, 2019 1:30 pm

I'd argue that it is actually SAFER to view all you accounts through PC, than it is directly via your computer on your broker's/bank website.

Who do you think has better IT security? PC or wherever you have on your home computer? Which is requiring you to transmit your username/passwords from your browser every login.

Pls much easier to see something out of whack somewhere.

dcdowden
Posts: 163
Joined: Sun Sep 28, 2014 11:42 am

Re: Personal Capital Software

Post by dcdowden » Thu Jun 06, 2019 2:32 pm

I have been using PC for a few years and have stopped using Quicken. PC was much more reliable in maintaining the linkages to my various accounts. I have linked brokerage accounts at Vanguard and Fidelity as well as various bank and credit card accounts. I download all the transactions from PC each year in order to summarize our income and expenses. I also use Fidelity Full View for tracking our brokerage and bank accounts. Full View has more intermittent lapses in the linkages to some of the accounts. Both PC and Fidelity have good retirement planning tools using Monte Carlo simulations.

MrJones
Posts: 342
Joined: Sat Mar 18, 2017 2:23 am

Re: Personal Capital Software

Post by MrJones » Thu Jun 06, 2019 2:40 pm

MittensMoney wrote:
Thu Jun 06, 2019 12:39 pm
Personal Capital uses a read-only API connection which is the safest way to link your accounts to anything.
The real risk is not Personal Capital's API, but that the servers on which they store your password might get compromised by a malevolent third party.

pkjr
Posts: 54
Joined: Thu Aug 09, 2018 7:01 am

Re: Personal Capital Software

Post by pkjr » Thu Jun 06, 2019 3:50 pm

third-party software does not store your passwords. It's not how this works.

Explorer
Posts: 230
Joined: Thu Oct 13, 2016 7:54 pm

Re: Personal Capital Software

Post by Explorer » Thu Jun 06, 2019 3:59 pm

pkjr wrote:
Thu Jun 06, 2019 3:50 pm
third-party software does not store your passwords. It's not how this works.
Passwords HAVE TO BE STORED somewhere in order to allow loggin into your borkerages/banks. They use Yodlee for that - their claim is Yodlee is impenetrable from security standpoint. I do not buy that.

MittensMoney
Posts: 173
Joined: Mon Dec 07, 2015 10:59 pm

Re: Personal Capital Software

Post by MittensMoney » Thu Jun 06, 2019 5:58 pm

Explorer wrote:
Thu Jun 06, 2019 3:59 pm
pkjr wrote:
Thu Jun 06, 2019 3:50 pm
third-party software does not store your passwords. It's not how this works.
Passwords HAVE TO BE STORED somewhere in order to allow loggin into your borkerages/banks. They use Yodlee for that - their claim is Yodlee is impenetrable from security standpoint. I do not buy that.
I'm always confused by people stating they know nothing is impenetrable. No doubt that's a true statement, obviously. But what's also obvious is if a hacker is willing to go through the time & effort to break through the highest level of security, why wouldn't they hack into Vanguard or Merril Lynch or Charles Schwab where their effort will be better rewarded? Imagine if a group of thieves broke into Fort Knox, only rather than Fort Knox it was an exact replica of Fort Knox in Nebraska and it was filled with steel bars rather than gold. If you're going to put in that level of effort you'd go after the target with the greatest reward.

Besides, anyone who actually cares about online security has 2-factor authentication enabled. Problem solved.

Barloso
Posts: 10
Joined: Fri Mar 08, 2013 4:34 pm

Re: Personal Capital Software

Post by Barloso » Thu Jun 06, 2019 6:33 pm

I used maxifi for a few years and found it helpful. I had an introductory offer at a lower cost.

MaxiFi Planner® Standard $99 Per Year $79 renewal*
MaxiFi Planner® Premium $139 Per Year $99 renewal*

Hockey10
Posts: 533
Joined: Wed Aug 24, 2016 12:20 pm
Location: Philadelphia suburbs

Re: Personal Capital Software

Post by Hockey10 » Thu Jun 06, 2019 6:51 pm

I used PC for a couple of years for all of my accounts. Then I read a few posts on Bogleheads that made me nervous. I have no idea from a technical standpoint if my accounts are at risk or not by using PC. But, there were enough people on Bogleheads who said it was a potential problem. So, I de-linked my Fidelity and Vanguard accounts and changed the passwords. (My "big" money is split between Fidelity and Vanguard).

Now I have 2 checking accounts and 4 credit cards still live on PC. This gives me a good daily snapshot of where my spending is taking place. Both checking accounts have a minimal amount of money in them, so I have no worries with my current setup at PC.

LSLover
Posts: 168
Joined: Thu May 19, 2016 1:39 pm

Re: Personal Capital Software

Post by LSLover » Thu Jun 06, 2019 6:59 pm

Let’s assume that your Vanguard login info from PC (or any other aggregator) has been hacked.

What can the hacker possibly do with that info if you have all possible protections set up, such as:
- 2FA
- email notifications of every requested transaction
- voice recognition

I invite all realistic scenarios to be thrown at me...

User avatar
LadyGeek
Site Admin
Posts: 55811
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Personal Capital Software

Post by LadyGeek » Thu Jun 06, 2019 7:46 pm

This thread is now in the Personal Finance (Not Investing) forum (financial software).
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

softwaregeek
Posts: 164
Joined: Wed May 08, 2019 8:59 pm

Re: Personal Capital Software

Post by softwaregeek » Thu Jun 06, 2019 11:30 pm

I worked in the security software industry for years.

I strongly agree that two factor authentication is the best security thing you can do.

Basically, it means having something you know and something you have.

You know the password. You get something with a randomly generated number (an app or a keychain fob token) that is like a second password.

The best method is a hard token in your physical possession. The second best is an app. The third best is to enable SMS verification (text to your phone). If a bank or broker does not offer at least one of these methods, it is highly suspect in my opinion.

You also should use a password manager. There are many out there and many are good. LastPass has a free version that is very good, but there are others. The key is to have a long, randomly generated password.

mchampse
Posts: 253
Joined: Mon Feb 26, 2007 1:45 am

Re: Personal Capital Software

Post by mchampse » Fri Jun 07, 2019 1:34 am

Some banks are apparently adopting OAuth2 which would be a much more secure way to go. I’m actually surprised that it isn’t standard by now as fintech has been around almost from the beginning and my bank passwords are probably more important than my Facebook password.

There’s no such thing as completely secure. The NSA got hacked a while back. Banks and Yodlee are probably simple in comparison. The name of the game is find a vulnerability. It might be more lucrative to hack BofA, but if you find a vulnerability in a data aggregator that’s what you end up doing. I’ve seen much less consequential sites get hacked.

MrJones
Posts: 342
Joined: Sat Mar 18, 2017 2:23 am

Re: Personal Capital Software

Post by MrJones » Mon Jun 17, 2019 8:56 am

LSLover wrote:
Thu Jun 06, 2019 6:59 pm
Let’s assume that your Vanguard login info from PC (or any other aggregator) has been hacked.

What can the hacker possibly do with that info if you have all possible protections set up, such as:
- 2FA
- email notifications of every requested transaction
- voice recognition

I invite all realistic scenarios to be thrown at me...
SMS 2FA is easily broken. Several possibilities:
https://www.theverge.com/2017/9/18/1632 ... rd-bitcoin
https://medium.com/@josiah_digibyte/why ... 045aa8c922

LSLover
Posts: 168
Joined: Thu May 19, 2016 1:39 pm

Re: Personal Capital Software

Post by LSLover » Mon Jun 17, 2019 9:05 am

MrJones wrote:
Mon Jun 17, 2019 8:56 am
LSLover wrote:
Thu Jun 06, 2019 6:59 pm
Let’s assume that your Vanguard login info from PC (or any other aggregator) has been hacked.

What can the hacker possibly do with that info if you have all possible protections set up, such as:
- 2FA
- email notifications of every requested transaction
- voice recognition

I invite all realistic scenarios to be thrown at me...
SMS 2FA is easily broken. Several possibilities:
https://www.theverge.com/2017/9/18/1632 ... rd-bitcoin
https://medium.com/@josiah_digibyte/why ... 045aa8c922
Sorry if my question wasn’t clear. I wasn’t asking if the 2FA could be broken. I am sure that everything and anything can be broken. I was inviting to come up with the realistic scenarios as to what might happen if a hacker gets a hold of my Vanguard login info.

pkjr
Posts: 54
Joined: Thu Aug 09, 2018 7:01 am

Re: Personal Capital Software

Post by pkjr » Tue Aug 13, 2019 12:13 pm

Explorer wrote:
Thu Jun 06, 2019 3:59 pm
pkjr wrote:
Thu Jun 06, 2019 3:50 pm
third-party software does not store your passwords. It's not how this works.
Passwords HAVE TO BE STORED somewhere in order to allow loggin into your borkerages/banks. They use Yodlee for that - their claim is Yodlee is impenetrable from security standpoint. I do not buy that.
Nope - read here how this works with 3rd party services
https://searchmicroservices.techtarget. ... tion/OAuth

classicindexer
Posts: 64
Joined: Tue Apr 09, 2019 10:43 am

Re: Personal Capital Software

Post by classicindexer » Tue Aug 13, 2019 1:06 pm

pkjr wrote:
Tue Aug 13, 2019 12:13 pm
Explorer wrote:
Thu Jun 06, 2019 3:59 pm
pkjr wrote:
Thu Jun 06, 2019 3:50 pm
third-party software does not store your passwords. It's not how this works.
Passwords HAVE TO BE STORED somewhere in order to allow loggin into your borkerages/banks. They use Yodlee for that - their claim is Yodlee is impenetrable from security standpoint. I do not buy that.
Nope - read here how this works with 3rd party services
https://searchmicroservices.techtarget. ... tion/OAuth
Banks have to support OAuth though, not just Yodlee. Not every bank supports OAuth. Without OAuth Yodlee is not able to use a token to access your bank, I bet they have to store the username and password for your bank.

cognovimus
Posts: 34
Joined: Sat Aug 10, 2019 1:07 pm

Re: Personal Capital Software

Post by cognovimus » Tue Aug 13, 2019 4:29 pm

I am looking for a retirement planning tool that will also me to pick up where my one time financial planner model left off. I've used Fidelity's model and PC (both manually, though I get there are security risks every time you log on to a brokerage or financial account). Security issues aside, could you please explain how MaxiFI differs. What makes it worth paying for? Does the user interface allow for input/updating of customized expenses or only spit out what I "can" spend based on my assets. What does the output provide? Will I get a withdrawal strategy, help with RMDs?

Post Reply