money in excel

T

tulak

Thinks s/he gets paid by the post
Joined
Aug 18, 2007
Messages
2,905
I would have given it a look but it appears that Money isn't available with the MS 365 Enterprise version I use.
 
I just downloaded it. It uses a company called "Plaid" to connect to your accounts. I didn't actually setup any accounts, but it has all the banks and credit cards we use, including my credit union. I also didn't go so far as to figure out where it's storing the login credentials for these accounts, but it did make me sign into my Microsoft account before it would load the list of banks, so I suspect it may be somewhere on OneDrive or some hidden area in the MS cloud.

It's got some basic features for tracking spending by categorizing transactions and displaying totals in pie charts and graphs. It downloads all transactions into a single sheet and you use filters if you want to see one account or one category or a range of dates.

There is a template for Net Worth, and there are a couple of places that say "Investments", but I don't see anything in the Transactions or Categories sheets that make sense for investment transactions, so I'm guessing it isn't able to download or display transactions and holdings for brokerage accounts (or if it does, it's kind of shoehorned in).

If I weren't already using Quicken and needed a way to track expenses, this would be a good way to start. The obvious next expansion is for them to add some kind of budget template.
 
I always worry that these financial aggregators pose a huge security risk since they hold all of our login credentials. I haven't heard of any major problems with them so maybe I am missing something. Does anyone have good info on why they might not pose a big risk?
 
donheff said:
I always worry that these financial aggregators pose a huge security risk since they hold all of our login credentials. I haven't heard of any major problems with them so maybe I am missing something. Does anyone have good info on why they might not pose a big risk?
Click to expand...

Some of the (supposedly) most secure systems in the world have been penetrated. Not sure why we would trust this one. Any guarantees (or warranties with actual monetary promises) included with subscription? I got hacked the very first time I gave a credit card over the internet. Perhaps once bitten twice shy, but I think I'd be wary - but YMMV.
 
donheff said:
I always worry that these financial aggregators pose a huge security risk since they hold all of our login credentials. I haven't heard of any major problems with them so maybe I am missing something. Does anyone have good info on why they might not pose a big risk?
Click to expand...
This article would be a building block for understanding the risk, and how to mitigate that.
https://www.datamotion.com/best_practices_-securing_data_at_rest_in-use_and_in_motion/

The solutions used vary, but there are standards and practices for data security products used to protect your data.

And of course it is a changing landscape, so the technology used must be tested and improved all along the way.

It is difficult to understand this, as you don't see all of the tech that is being used. The reputation of your company is important.
 
Giving Microsoft and some random software vendor all of your financial passwords ... what could possibly go wrong?
 
The younger people have no problem giving away all their information and passwords to various apps, I think they are incredibly gullible and easy marks for the predators.
 
Big security risk!

donheff said:
I always worry that these financial aggregators pose a huge security risk since they hold all of our login credentials. I haven't heard of any major problems with them so maybe I am missing something. Does anyone have good info on why they might not pose a big risk?
Click to expand...


+1

Can you trust Microsoft with windows computer security? No!
Would you entrust them with all your bank data? No way!
 
sengsational said:
Giving Microsoft and some random software vendor all of your financial passwords ... what could possibly go wrong?
Click to expand...
It doesn't sound like M$ is holding the account information, but Plaid does.
https://blog.plaid.com/microsoft-announcement/

I don't handoff account data, but it is tempting. M$ (like other industry leaders) lives and breathes the infosec concept:
https://en.wikipedia.org/wiki/Information_security

Plaid (https://plaid.com/) was no doubt seriously vetted before being included in M$ Excel. But i would research that company before becoming comfortable with the solution.

But there are vulnerabilities in systems, and much harder to find when combined.
 
jim584672 said:
The younger people have no problem giving away all their information and passwords to various apps, I think they are incredibly gullible and easy marks for the predators.
Click to expand...
I was impressed with the younger people I worked with, and their willingness to use trusted technology. They grew up with best practices while old fogies like me had to learn the hard way!
:D
 
I did a little more research on Plaid. They provide the APIs used to power Venmo, Coinbase, Acorns, Transferwise, etc, so they do have a lot of experience with tokenization in financial transactions. Not to say they're unhackable or that anything is 100% secure, but they're probably no worse than any other type of e-banking that's out there.
 
samm said:
+1

Can you trust Microsoft with windows computer security? No!
Would you entrust them with all your bank data? No way!
Click to expand...
I do now trust M$ with computer security.

The product does not entrust them with your bank data. Plaid is the company holding that info. So long as they adhere to all of the best practices for security, you're data is safe.

The vulnerabilty that scares me most is the humans involved in the process.
 
Sunset said:
+1
Instead of some hacker, stealing your bank password, and emptying the bank account. They get Everything in one hack... :facepalm::facepalm::facepalm::facepalm:
Click to expand...
If you have 2FA turned on, even if the login credentials are stolen, the baddies would need to unencrypt the credentials AND have your 2FA stuff.

So, people using this service probably get annoyed at having to fulfill the 2FA side of things, and turn it off!
 
Plaid is behind the scenes of a lot financial websites. You're probably using them already.
 
I use Intuit's MINT web site. It uses 2FA for most logins. They have read-only access to the accounts. This allows me to check ALL ACTIVITY from ALL ACCOUNTS in one place at one time. Since most/all of our accounts (bank, credit cards, VG) offer some sort of fraud protection, I'm not all that worried. For any cybersecurity experts out there, please weigh in as to whether you believe no one should use account aggregator services, such as MINT, and why.
 
HNL Bill said:
I use Intuit's MINT web site. It uses 2FA for most logins. They have read-only access to the accounts. This allows me to check ALL ACTIVITY from ALL ACCOUNTS in one place at one time. Since most/all of our accounts (bank, credit cards, VG) offer some sort of fraud protection, I'm not all that worried. For any cybersecurity experts out there, please weigh in as to whether you believe no one should use account aggregator services, such as MINT, and why.
Click to expand...

When I've read the fraud protection rules, most include a rule that you don't share or give away your login to other's.

Otherwise I could give my login to Billy Bob, and after he takes all the money, I could rightfully claim I didn't do it, so give me back my money.

So once you have signed up for some aggregator service, the bank, etc has an excuse not to pay, claiming it was the aggregator service that is responsible in a future illegal access.
 
Sunset said:
When I've read the fraud protection rules, most include a rule that you don't share or give away your login to other's.

Otherwise I could give my login to Billy Bob, and after he takes all the money, I could rightfully claim I didn't do it, so give me back my money.

So once you have signed up for some aggregator service, the bank, etc has an excuse not to pay, claiming it was the aggregator service that is responsible in a future illegal access.
Click to expand...
Well, despite Mint's convenience, and despite their level of encryption, I took your advice. I deleted all of my accounts from MINT, and requested that Intuit delete my account with MINT. I'll miss it, but it's also a royal pain, with duplicated accounts, lost accounts, 2FA logins, etc.
 
HNL Bill said:
Well, despite Mint's convenience, and despite their level of encryption, I took your advice. I deleted all of my accounts from MINT, and requested that Intuit delete my account with MINT. I'll miss it, but it's also a royal pain, with duplicated accounts, lost accounts, 2FA logins, etc.
Click to expand...

I hope you changed the passwords to your bank accounts, as your records for MINT are on many many backups, as companies like that ensure they backup all the data in case of catastrophic failure.
 
Concerning multi-factor login, that is usually something you have (as opposed to something you know). A third party, like Plaid, would presumably have your userid and password (the something you know), but would not have the additional factor (the something you have). If they do have the additional factor, well then, the bad guys could also have it, and it's a weak second factor.

What might be happening is that Plaid gets permission from the bank site to log in without the second factor because of who they are. Now the bad guys are scurrying around, trying to figure out how to pass themselves off as Plaid when they hack at the bank.

I'm not saying it's highly likely that putting all the keys to the kingdom as plain text into the hands of a trusted third party will cause a catastrophe, but I'm not doing it.
 
sengsational said:
Concerning multi-factor login, that is usually something you have (as opposed to something you know). A third party, like Plaid, would presumably have your userid and password (the something you know), but would not have the additional factor (the something you have). If they do have the additional factor, well then, the bad guys could also have it, and it's a weak second factor.

What might be happening is that Plaid gets permission from the bank site to log in without the second factor because of who they are. Now the bad guys are scurrying around, trying to figure out how to pass themselves off as Plaid when they hack at the bank.

I'm not saying it's highly likely that putting all the keys to the kingdom as plain text into the hands of a trusted third party will cause a catastrophe, but I'm not doing it.
Click to expand...
This is me guessing.

There is a "trusted" comm link between Plaid and Bank. It probably requires several things to occur before proceeding with data transfer.

When you type your login and pw into Plaid, it is clear text for a moment. During sending, store and use it is encrypted. Of course there must be other moments (I guess again) where the login and pass is in clear text, but not seen by humans at either end.
 
target2019 said:
This is me guessing.

There is a "trusted" comm link between Plaid and Bank. It probably requires several things to occur before proceeding with data transfer.

When you type your login and pw into Plaid, it is clear text for a moment. During sending, store and use it is encrypted. Of course there must be other moments (I guess again) where the login and pass is in clear text, but not seen by humans at either end.
Click to expand...

Even if Plaid stores it encrypted, they need to decrypt it to make use of the plain text (since they don't know the banks encryption protocols).

So the simple fact that they use an algorithm that can be decrypted, means anyone grabbing a copy of their database has the possibility to decrypt it.
 
You must log in or register to reply here.

Similar threads

clifp
The mechanics of managing your money as we age
2
Replies
36
Views
4K
SecondCor521
SecondCor521
L
25, 87K networth.What to do with 65K in cash? Need a plan!
2
Replies
32
Views
3K
letsdothis
L
R
How to put auto refreshing stock prices in Excel
Replies
22
Views
13K
Golden sunsets
Golden sunsets
C
Quicken to MoneyDance? GnuCash?
Replies
8
Views
8K
tulak
T
S
Tim in Texas
Replies
11
Views
3K
target2019
target2019

Latest posts

Back
Top Bottom