We’re arguing about semantics now, which is pretty pointless. I’m not trying to defend Mint’s mistake. Was there a design flaw/bug with the password rules? Yes. Did they fix it promptly? Yes.

What I am defending Mint from is people who make a baseless generalization that because there was one design flaw, the whole system must is flawed and can’t be trusted. I think you’re blowing it out of proportion, and you’re not backing it up with solid evidence.

You warn about “providing all your username and password information to a single source”, but if you had read about the how Mint works, you would have known that none of that information is stored on Mint’s servers.

Sure, there’s still a risk involved, like any system you use. If someone breaks into your Mint account, they’ll be able to see the balances and list of transactions on all of the accounts you added to Mint. However, they WON’T have all of your usernames, passwords, and account numbers because none of that information is stored.

As the Mint employee mentioned in the GRS comments, you’re still more likely to get your financial information stolen locally.

I worked at Amazon.com, and I know full well things are launched before they are complete, and there are inevitably bugs and problems along the way. However, neither they, nor the video game company you worked for dealt in personal finance information. It is not equivalent if a bug exists in a video game and a particular game gun doesn’t work on the second level, when compared to the possible hackability of a personal finance website.

I can only reiterate my basic thought on the password issue: if they overlooked this, what else did they overlook, and what’s going to have to happen for that to be discovered and what customer information will be compromised until then?

Hahaha, fitting that you asked a Microsoft person about bugs. I’ve developed software at a large video game company with over 300 QA testers, and guess what? There are still bugs in the final release of every game. Why? Because we’re human.

While bugs can refer to something that prevents the user from accomplishing a task, it can also be used to describe design flaws.

Yes, Mint is not Yodlee, but it’s basically a front end for it. Using it is just as safe as using Yodlee itself or any other system that uses Yodlee, like Bank of America, because Mint never actually stores your credentials. I’m not sure how to explain it any simpler than that.

As far as your comments on their recommendations and marketing, I agree that they’re going to be biased, since they want to make money from their sponsors. That’s why I’m personally not using that part of Mint. However, they’re providing this service completely free. If you want the added benefits that you described, I would expect to have to pay for that service.

I log into my bank myself, download the ofx data for the current statement period, import it into my finance software, then reconcile by matching the receipts into the imported data.

To reiterate from my grs comment on the bug issue, I spoke to a software developer I know, who works at Microsoft, and his definition of a bug (which I verified at other sources) is: “something with prevents the user from accomplishing a task.” Since mint was clearly not *only* allowing letter-only passwords, it was obviously not a bug. It was a design flaw. One of the guys who responded to a post of mine, and is an employee of mint, name-dropped that he used to work at PayPal. To my way of thinking, it seems like he missed learning and/or understanding some basic lessons in account security, and that mint skimped on having a QA team to properly and comprehensively test these things.

When a site dealing with personal information, of any kind, doesn’t create security protocols to protect “people who don’t know any better,” how exactly is that site supposed to be considered taking a vested interest in their user’s safety? Hacking doesn’t have to occur in a mass form — it could be simply someone who steals a laptop and looks at the bookmarked links, or browser history, for financial websites. Are you saying that because someone doesn’t “know any better” is more responsible if their account information is compromised?? Especially when the site didn’t *require* them to create a better password? To me, that’s a highly flawed argument, and placing the blame on the wrong entity. At the time, (this is from what an employee of mint wrote) mint was merely “suggesting” or “recommending” that users create a complex password. Does that really inspire your confidence? The online email providers I use require more than just letters just to create an email account! So, then, what is it that say, Yahoo or Google, know that mint doesn’t? They know, like other banks, that not all users are particularly security savvy, and need to be prompted to create a smart password to protect their information. Are you really confident that a financial website that went live required less password security than an online email provider??

I agree with other people who have said that Yodlee seems like a better service. But mint is not Yodlee. While Yodlee almost certainly has their own protocols for transferring the password and username data, that’s Yodlee’s security…not mint’s.

As to using personal information for targeted marketing, if you’re fine with that then there’s nothing I can say about it and I respect that decision of yours. For me, though, unless the targeting can take all things into consideration, I just see that as flawed, too. If we take the example of a cell phone service plan, consider this: yes, it might be cheaper per month to switch, but are you going to get the same coverage for your needs? Does it take into consideration what you may have to pay to break your existing contract? Does it take into consideration that some phones work exclusively with a particular, or particular set, of service providers, and you might have to buy another phone? Does it take into consideration any service packages that you have, which the other provider may not offer (or offer at different/higher rates)? There are just far too many variables, for this particular example — but they will still make recommendations based solely on your final cost.

This is also true for credit cards — sure, so-and-so might offer a lower rate, but what if someone doesn’t read the fine print and it’s only a teaser rate and the regular rate is higher than what they currently have? The argument that people should read everything and understand what they’re getting in to (and I agree with this) doesn’t work — because people with chronic debt problems look for quick fixes and won’t necessarily read the fine print. My fear is that people with credit problems will see things like that, make the switch, and then have *worse* financial problems down the line. I don’t think that because someone has problems with credit means that all their choices are their fault. If a site is going to be promoting credit card rates, for example, I’d personally feel a lot better if they were standing behind the rate by saying “we’ve researched this, and this is an all around better deal than what you currently have” — instead of them just promoting another bank because that bank is paying them for the advertising space. For people with credit problems, this just seems highly dangerous. What if someone has bad credit and they apply for a different card? Their credit report gets dinged, and they probably won’t get the card. Ergo, they end up in a *worse* position than before.

Your “bug” argument makes me laugh. Do you really think there’s a system out there that’s “bug”-free? The “bug” you mention isn’t even high risk, since it would only affect users that don’t know any better than to use “password” as their password.

Regarding the recommendations, Mint doesn’t force any offers upon you. I really don’t care if they use my data to pitch to advertisers, because they are providing me with a really helpful service completely free.

As far as security is concerned, “Mint uses Yodlee to connect to your financial institutions. This is the same back-end aggregation system used by Bank of America, Fidelity, and Microsoft Money. Yodlee’s security practices have been audited by the NSA, Visa, Mastercard, and numerous major banks.”

There’s a good description of the security behind aggregators like Yodlee in this article:

How safe are one-stop financial web sites?

It would basically take a movie script heist to break into something like Yodlee. With that being said, a lot of people have written great reviews about Yodlee. I think I might try it out.

Then too, there is also the whole data mining issue. I’m not going to use a site that specifically reviews what banks I use, and then use that information to provide me with recommendations — because they are obviously using that information in their pitch to advertisers. Um, no.

Regarding Ing, that was based on several of the commenters. Like I said, there’s no way in the world I’m going to use that site and personally test which accounts it is/n’t possible to link to. (And Ing was only one of several banks that they couldn’t link to [at the time that article was written and people were originally commenting].)

It shouldn’t take someone with an advanced understanding of website security design to see the security problems they’ve already had, and (more importantly) providing all your username and password information to a single source. Sure, they say it is stored elsewhere — that just means there is another conduit that it could be intercepted from, by a smart hacker. When security design flaws/holes are obvious and are not fixed until *after the fact*, and people who specialize in site security criticize a site’s security, why would you want to use it?

But hey, if you’re comfortable with lacksadasical security measures, waffling from mint employees about basic security design flaws, and are ok with letting them use your financial information so *they* can make money, placing all your financial information on a website that can explicitly tell a hacker just how and when you use your money, then sure: use mint.

Finally, regarding whether or not people practice what they preach: do you trust Suze Orman? Currently, she invests her money exceedingly conservatively — primarily *not* in stocks. So why would you take her advice to invest in the stock market? See: http://www.nytimes.com/2007/02/25/magazine/25wwlnq4.t.html?ex=1330405200&en=48468686702a853c&ei=5124&partner=permalink&exprod=permalink

I checked out the article about Mint on Get Rich Slowly and noticed that you’ve been active in the discussion on that thread. You seem to be extremely critical of Mint even though you haven’t even used it yourself.

I think everyone is entitled to their own opinion, but if you’re going to argue against using Mint, please try it out for yourself first. Then you could back up your argument with firsthand experiences instead of using second hand sources which may not be accurate. For example, you mention that you can’t link to ING accounts. I’ve actually used Mint, and it linked to my ING account just fine.

Personally, I find it easier to trust advice from people who have actually tested out a product before they decide whether or not to recommend it.

The only real “major” problem I found with Mint was the inability to add my FNBO Direct online savings account simply because Mint did not have it on their list of banks. Besides that, only the labeling of transactions and miscellaneous items were slightly off, but not enough to completely skew a spending trend.

Overall, I prefer BofA’s My Portfolio. It feels more convenient for a BofA member. Less clicks and less keeping up with more sites.

(Also, the English major in me wants to point out that it probably piqued your interest, and didn’t peak your interest.)

There was an article about this recently, on the getrichslowly blog, which has a great deal of insight and information about the site. For example, you can’t link to Ing accounts, and you can’t link to any account that has a security photo step. Or student loans. Or mortgages.

From the comments on getrichslowly, the employees (including the president) of mint aren’t straightforward (e.g. what can be considered a serious website design flaw in security is repeatedly called a “bug”). That certainly doesn’t inspire confidence — *especially* when that company is asking to be entrusted with a person’s complete personal finance information.

Personally, I wouldn’t trust Mint at all.

if you do try mint, I’d like to hear about it though, I’ve thought about trying it, but not sure for the same reason.

But I prefer to do most of my financial work off-line. I worry about putting too much info on the Internet.

I did try mint but after about a week or so I felt weird about all the info they had, so I took my info out and deleted my account.