For over a decade or so we have been using GNU Cash to keep track of our personal finances. We, and by “we” I mean Mary Lou, have been meticulously recording every expenditure from mortgage payments to sodas from the gas station and reconciling them with our bank statements. As we tend to use credit cards for the points, each purchase involves 4 entries in the ledgers (debit from the credit card, payment to expenses, debit from the checking account, payment to the bills envelope (virtual account within checking)). As life gets more and more hectic, this is becoming less and less appealing. We have also struggled with the granularity of our envelopes and expense categories, continually tweaking them to balance between simple entry and detailed reports.
A friend recently reported using Mint.com and being a fan of their automated expense categories. They have a number of appealing features – like mobile access, email notifications, and lots of useful reports. These are things I either can’t do or take too much time with our current system. However, the aggregated financial service scares me from a security perspective.
Mint claims no money can be moved around from within Mint. OK good. Let’s assume for a moment that they have reasonable encryption and security processes in place to prevent a hacker from mining my passwords to my financial institutions. There is still the risk of exposing our financial information to anyone who manages to acquire our Mint.com password. Single point of failure. I’m not sure exactly how much damage someone could do with the read-only access, but I’m sure someone more clever than me can come up with some way to do something devious with it.
To address the common defense of “Mint.com is far more secure than the average laptop.” Undoubtedly true. They aren’t more secure than MY laptop though, at least not by much. They are also a much MUCH bigger target than the average laptop since there is so much bigger a reward waiting for a would be hacker than pictures of grand kids and a few weeks worth of CPU cycles for the latest bot net.
Now stepping back and not making the assumption of good security practices at Mint.com. Let’s assume they have every intent of having good security protocols in place, that doesn’t guarantee successful implementation of said protocols. So if some new guy, or even their senior security gal who had a late night, introduced a bug which caused the plain text password to be stored in an identifiable memory address for a short period of time and some creative villain noticed and managed to glean a few of these passwords, the results could obviously be catastrophic for those users.
So to all of those of you who are more security savvy than I am on a deeply technical level, please weigh in here and let me know your thoughts. I’d like to use the service, but I need to be convinced the risk is a reasonable one first.