Mint.com Free Personal Finance Web-App is Now Live
Posted by Cap in Online Banking |
Welp, there it is.
15 Comments to “Mint.com Free Personal Finance Web-App is Now Live”
Leave a Comment
Next Post:
Stop Buying Crap #20 – 100 Calorie Snack Packs »
Stop Buying Crap #20 – 100 Calorie Snack Packs »
Previous Post:
« Five Things I’ll Pay More for Better Service
« Five Things I’ll Pay More for Better Service
September 18th, 2007 at 12:43 pm
I’ve been using the beta for a few weeks now… everything imports pretty much correctly (the % rate on my savings wasnt’ right) but the frequency it updated wasn’t quite as fast as the individual sites for some reason. That being said, that was the beta, hopefully the live release will keep getting better!
September 19th, 2007 at 8:36 pm
that’s great to know. unfortunately yodlee has been failing me and it hasn’t been working very well for me. ;(
September 21st, 2007 at 10:14 am
Here’s something I’ve wondered for a while… How is it a good idea for me to give a website all of my usernames and passwords to my financial websites? I know that they’re only using it for tracking purposes, but what happens if their data is compromised? It seems like a big risk to me. I’d like to know more about that.
September 22nd, 2007 at 8:33 pm
Hey, thanks for that beta invitation that you promised me. Wait… That’s right… You never sent it. You suck. ;)
September 23rd, 2007 at 6:39 pm
I started to sign up for this maybe a month ago and stopped everything when it started asking me info about my checking account/ savings. I don’t trust anyone with that info.
September 25th, 2007 at 11:07 pm
Great idea in principle, but what about security? Even serious banks have been hacked before (and, newsflash!, some do not disclose it), then why not those guys? And if they tank (the software is free, a make-or-break business model), who will guarantee the server’s hard drives will not be sold by the pound with all your precious data, encrypted or not?
October 2nd, 2007 at 9:17 am
To say that I’m disappointed in the lack of a response to our comments is an understatement. How can I not take that as an implicit admission that sites such as Mint are not necessarily safe? I honestly expected an intelligent response, possibly including some supporting evidence to quell any fears we may have had. I’m sorry to see that hasn’t happened.
October 3rd, 2007 at 2:08 am
Matt #1: Pretty sure they plan to keep making the service better. Upcoming release should include split transaction capability, excluding specific accounts, and of course additional financial accounts such as loans and brokerages (because without those, it’s hardly a complete financial picture).
Nickel: Man I sure do. Sorry about that.
Cindy: I’ve been using Yodlee’s Money Center (which is also used by Mint) for quite awhile now, and it certainly isn’t perfect. I have a feeling it will never be an error-free experience, but on the other hand, I’m not exactly paying for it so for me personally, it’s not too big of a deal. Main reason why I still keep an excel spreadsheet around, plus I don’t track my money every single day as I use to (when I was in debt).
Matt #2, Jodi and Chris: Security is definitely something everyone should consider whenever they utilize a third party software to access their financial information (whether it’s an online or offline application). Before I go further, I should note that I worked at Mint during the summer, so the viewpoints below may be biased (although I’d like to think that I’m being neutral for the sake of readers).
There’s a few reasons why I’m okay with using services such as Mint. For one thing, Mint uses Yodlee to aggregate financial accounts, which is the same service that Microsoft Money and Bank of America My Portfolio uses. Secondly, Mint doesn’t require personal identifiable information to use the service. You only need to input an email address, zip code, and password of your choice – so you are fairly anonymous when you use Mint. It doesn’t ask for name, birthday, address, and it certainly doesn’t ask for SSN. In keeping with limiting information, financial accounts are also stripped of their accounts numbers on Mint.
As Chris said, it’s true that even big financial institutions have been hacked before, but that’s mainly the reason why Mint limits the collection of personal identifiable information. If someone was able to gain access to the data, they will only know limited information: that is, someone somewhere likes to frequent Starbucks.
The service is also independently verified by Versigin, the privacy policy is TRUSTe certified, and of course it uses SSL encryption.
As for data ownership and rights, the privacy policy and terms of service clearly spells out that your data is yours. Your personal information will never be sold or rent to anyone, for any reason, at any time.
In regards to physical data protection, Mint’s servers are in an unmarked, secure facility and access requires multiple levels of authentication, including biometrics scanners. Security personnel monitor the system 24/7. In addition, a Network-based IDS (intrusion detection system) provides 24/7 network monitoring and alerts security personnel to any external attacks on the network.
Here’s my personal view and stance on online security: I’m aware of the risk involved in utilizing online services in return for the convenience and easier access to my data. I minimize those risk by keeping an eye on my accounts (by using said services, which is a bit ironic because they may potentially expand the risk). I limit the spread of my personal information, I change my passwords frequently, I read EVERY privacy/security policy of every service I use, I’m aware of the necessary steps to take when I suspect fraud or problems, and I only utilize accounts/brokerages where transfer capability are behind a separate password than those of login password.
At the end, all of this is fairly moot if you are not comfortable with online banking or utilizing online financial service (completely understandable). I highly encourage everyone to read Mint’s or any other service’s legally binding policy, terms and condition so they understand the rights and protection they have when they use services like these to handle sensitive data.
P.S. Sorry for the late response. Have been out of town.
October 9th, 2007 at 1:12 pm
Mint has a nice interface but it lacks the functionality that Yodlee powerered sites offer. I need a site that can aggregate all of my banks, credit cards, brokerages, and reward accounts in one. Mint doesn’t offer that extensive of a service…yet. Maybe eventually they will.
October 13th, 2007 at 4:03 pm
I’m with Raymond. Mint looks like it is a much nicer interface, but I care more about having all the accounts together than the look and feel and even some options. Of course it they pull in all accounts and look better, I’d switch!
October 17th, 2007 at 10:16 am
I would still use Quicken. Mint hasn’t been around long enough to inspire confidence yet.
September 19th, 2008 at 12:33 am
I’ve noticed one GLARING problem with Mint: the Mint login is not secure. Because Mint doesn’t use HTTPS for the login page, there is absolutely no way to verify that you are connected to the true mint.com and and that your email and password are not going to be sniffed.
The strongest encryption in the world doesn’t matter if it’s never used!
I was eager to set up an account with Mint after all the rave reviews I’ve read, but I was surprised disappointed to discover this flaw, which went unreported.
I still very much want to take Mint for a test drive as I think everyone could benefit from this kind of tool, but this is a dealbreaker! Until this extremely foolish and risky setup is corrected, I won’t be using Mint and will be advising others to stay far away.
September 19th, 2008 at 12:49 am
Charles: Actually the Mint login is secure. When you submit your login from the front page (mint.com), you’re actually submitting it directly from the login form to https://wwws.mint.com/login.event
You can verify this in the page source of the main page.
If anything, you can just bookmark https://wwws.mint.com/login.event for the extra peace of mind. They probably should make the issue more clear though.
September 19th, 2008 at 2:32 am
@Cap: Thanks for the quick response!
I didn’t see any link to https://wwws.mint.com/login.event on the landing page, but I’m glad to know that a secure login page is available….somewhere.
However, my original point still stands. HTTPS uses SSL/TLS which provides three important things:
1) Confidentiality. Strong encryption is used between the client and the server. This ensures that nobody can read what is being transmitted.
2) Authentication. Digital certificates and signatures are used to verify the server’s identity. This ensures that the amazon.com you are connecting to is the true amazon.com.
3) Integrity. Message authentication codes are used to verify the data that is being transmitted. Because only the client and the server are able to generate valid messages, these ensure that no attacker is able to modify data while in transit.
The Mint login does not offer #2 or #3 because the landing page is not served over HTTPS. Without HTTPS, it is trivial for an attacker sitting in a Starbucks or a Panera to conduct a man-in-the-middle attack which modifies the contents of http://www.mint.com/ . If the HTTPS submission link is replaced with one that is HTTP, #1 is lost, and the email address and password will be transmitted in the clear for anyone to see.
September 19th, 2008 at 2:38 am
Sorry about the double post, the original disappeared for awhile. Please delete the first, the second is better written.