For over a decade we have been using GnuCash to keep track of our personal finances. We, and by “we” I mean Mary Lou, have been meticulously recording every expenditure from mortgage payments to sodas from the gas station and reconciling them with our bank statements. As we tend to use credit cards for the points, each purchase involves 4 entries in the ledgers (debit from the credit card, payment to expenses, debit from the checking account, payment to the bills envelope (a virtual account within checking)). As life gets more and more hectic, this is becoming less and less appealing. We have also struggled with the granularity of our envelopes and expense categories, continually tweaking them to balance simple entry against detailed reports.

A friend recently reported using Mint.com and being a fan of its automated expense categories. It has a number of appealing features – mobile access, email notifications, and lots of useful reports. These are things that I either can’t do with our current system or that take too much time. However, an aggregated financial service scares me from a security perspective.

Mint claims no money can be moved around from within Mint. OK, good. Let’s assume for a moment that they have reasonable encryption and security processes in place to prevent a hacker from mining my passwords to my financial institutions. There is still the risk of exposing our financial information to anyone who manages to acquire our Mint.com password: a single point of failure. I’m not sure exactly how much damage someone could do with read-only access, but I’m sure someone more clever than I am can come up with some way to do something devious with it.

To address the common defense that “Mint.com is far more secure than the average laptop”: undoubtedly true. They aren’t more secure than MY laptop though, at least not by much. They are also a much, MUCH bigger target than the average laptop, since there is a far bigger reward waiting for a would-be hacker than pictures of grandkids and a few weeks’ worth of CPU cycles for the latest botnet.

Now, stepping back and dropping the assumption of good security practices at Mint.com: even if they have every intention of having good security protocols in place, that doesn’t guarantee successful implementation of said protocols. So if some new guy, or even their senior security gal who had a late night, introduced a bug that caused the plaintext password to be stored at an identifiable memory address for a short period of time, and some creative villain noticed and managed to glean a few of these passwords, the results could obviously be catastrophic for those users.

So to all of those of you who are more security savvy than I am on a deeply technical level, please weigh in here and let me know your thoughts. I’d like to use the service, but I need to be convinced the risk is a reasonable one first.

  1. I did the GnuCash thing for a while back in the early 2000s and switching to Mint just wasn’t a huge improvement for me. It categorizes stuff fairly well, but you still have to check it all over and make sure it did it right. Then it freaked out at one point and duplicated *everything* and that was a real pain (you can google that, lots of people had that problem). If you are worried about the security, the bugginess will probably bother you a lot, I’m just guessing. I’ll admit I haven’t used it much lately, maybe they have cleaned things up.

    Personally, I had a lot of the same feelings about the security (my computers too are more secure than average, thank you), but I figured that when scrutinizing the transactions regularly I’d probably catch something amiss quickly, and if the banks, credit cards, and Mint want to keep me as a customer (and they really do) they wouldn’t hold me liable for any fraudulent activity. I’ve already seen that in action when someone started buying expensive sporting goods back east with my credit card number (not sure how they got it). Disconcerting, but I was apologized to and things got fixed pretty quickly.

    • Hey Bryan. So what did you end up doing? Back to GnuCash?

      • Maybe I shouldn’t admit this, but we just got less particular about our finances. We take advantage of the fact that most employers will split your paycheck into multiple direct deposits, and we have some of it sent to savings, some to checking, and some to another checking account. The one checking account covers all our predictable, regular monthly bills, mortgage, etc. Savings, along with the 401k deductions and stock plan deductions, takes care of what we want to save for longer-term things. The rest goes to the other checking account, from which all our more discretionary stuff is paid for. When that discretionary account is out of money, we stop eating out or buying stuff on Newegg until the next paycheck :-)

        We still check our statements over and look for unexpected stuff from time to time, but we don’t save every receipt and reconcile every last cent anymore. We have a couple of spreadsheets that we use to do the gross budgeting to decide how much goes into each account. It’s not perfect, but it saves sanity and marital harmony.

        Sometimes I miss GnuCash. We were very careful about our spending when we tracked every receipt, and we were able to save a lot of money, and the detailed OCD engineer part of me loved having my own record of every penny. The nightly ritual of recording and categorizing every receipt was slowly driving me mad though; it had to stop.

        • I’ve actually suggested that exact same strategy to mlhart – she isn’t sold yet… but I’m liking it more and more.

