Safest Aggregator

S

savory

Thinks s/he gets paid by the post
Joined
Jul 3, 2011
Messages
1,295
I love Personal Capital. It's interface is perfect and a vast improvement on Yodlee and Mint (the version I used years ago.

However, I am trying to improve my online security. I am no longer comfortable with sharing my passwords with PC. And, given I use PC, I am not able to use 2FA for some of my accounts.

I am hoping to get feedback on the following:

- An aggregator where I do not have to provide my passwords. Or an aggregator that has unique passwords set up between the aggregator and the financial institution that has limited 'rights' such as transferring data but not allowed to execute transactions. (I am told that might be coming, eventually).
- An aggregator that works much like Personal Capital where investments are tracked as is spending. (I think I might be describing Quicken but not sure what I would give up. And, are there others I should research). Any comparisons between Quicken and PC, it would be appreciated.
- I am willing to pay for this extra password security

Thoughts/questions? Thanks
 
How is an aggregator to get updated information on your accounts without your log in information?

I use Quicken but I have to include my login info for each account that I want updated... I think the log in info is kept in the file on my laptop rather than on a cloud server like PC so that is a bit of a step up.
 
I don't use any online aggregator as I'm not going to share my passwords.

I would think all the aggregators are prime targets for hacking so no need to give the bad guys one place to get all my stuff at once.
 
Only option if you don't want to share your login information is a spreadsheet that you manually update.
 
Can't PC import from PDF or other formats? If it can, simply log in manually to your accounts, save the data locally, then import it into PC.
 
bobandsherry said:
Only option if you don't want to share your login information is a spreadsheet that you manually update.
Click to expand...

That is what I do, and not too frequently as I'm not really interested in the rapid fluctuations.

I do make sure to do a end of year update, so I can chart the total amt. over the years.
 
I use Quicken as my aggregator. I prefer not to do it online, but only have data on my laptops at home.
 
GrayHare said:
Can't PC import from PDF or other formats? If it can, simply log in manually to your accounts, save the data locally, then import it into PC.
Click to expand...
I tried PC, I don't recall it importing PDF or any format.
 
bobandsherry said:
Only option if you don't want to share your login information is a spreadsheet that you manually update.
Click to expand...

That's what I do. I really don't trade a lot, so I do not need to update my spreadsheet all that often. Security prices are updated automatically.
 
audreyh1 said:
I use Quicken as my aggregator. I prefer not to do it online, but only have data on my laptops at home.
Click to expand...

Can you explain how that works?

Does Quicken store your passwords on their site and then pass the information to the Quicken program installed on your computer?

Or, does Quicken make a 'call-out' from your computer to the various sites and then in a 'site to site conversation' download the information to your computer?

Or, do you enter the data manually on quicken from your brokerage and bank sites?

Thanks
 
Vanguard allows one to manually add shares to your balance. If what you hold has a ticker symbol it automatically updates the value of your non Vanguard holdings.

I would think Fidelity and others can do the same.

No way would I give an aggregator my password, no matter how pretty or useful the charts were.
 
pb4uski said:
How is an aggregator to get updated information on your accounts without your log in information?

I use Quicken but I have to include my login info for each account that I want updated... I think the log in info is kept in the file on my laptop rather than on a cloud server like PC so that is a bit of a step up.
Click to expand...

I just looked at the Quicken Youtube set up and it suggests to me that you provide passwords to Quickenand they automatically upload information to the Quicken site on your computer. That suggests to me that Quicken is holding your passwords as Personal Capital holds mine.

The interface and ability to move things around on your computer might be different. But, the data gets there by a request from Quicken to your financial site.

Do I have that right? If so, Quicken provides no more protection when used as an Aggregator than any other aggregator.
 
davef said:
Can you explain how that works?

Does Quicken store your passwords on their site and then pass the information to the Quicken program installed on your computer?

Or, does Quicken make a 'call-out' from your computer to the various sites and then in a 'site to site conversation' download the information to your computer?

Or, do you enter the data manually on quicken from your brokerage and bank sites?

Thanks
Click to expand...
No, Quicken doesn't save your passwords unless you ask it to.

Quicken imports transaction data, and knows you account numbers and will import transactions into the correct accounts.

Some accounts are handled by Quicken querying the financial institution and prompting you for the password and importing the transactions directly (direct connect).

Others are handling by you downloading a QFX or QIF file from the institution and importing the file. Quicken recognizes the account info in the file and puts the transactions in the right place. I prefer this method as I don't like entering a password in the Quicken prompt.

So you end up with all transactions of all your accounts nicely organized and on your personal computer - not out on the web somewhere. And it's mostly automated.
 
davef said:
I just looked at the Quicken Youtube set up and it suggests to me that you provide passwords to Quickenand they automatically upload information to the Quicken site on your computer. That suggests to me that Quicken is holding your passwords as Personal Capital holds mine.

The interface and ability to move things around on your computer might be different. But, the data gets there by a request from Quicken to your financial site.

Do I have that right? If so, Quicken provides no more protection when used as an Aggregator than any other aggregator.
Click to expand...
No, Quicken does not hold your passwords unless you ask it to.

I am set up to manually enter mine every time for the few institutions that require direct connect. Most don't - for those I am able to import a QFX file which I obtain through a separate web session with the institution separate from Quicken. I prefer this method where Quicken doesn't interact with the institution directly.

There a a few institutions that don't support QFX or have errors, so I have to do some manually. Fortunately for me these are institutions with few transactions.
 
I actually use 3 - Fidelity because we have our IRA and brokerage accts there, Northwestern Mutual Life as we already have our insurance policies there and Personal Capital since I liked their format. While our hacking exposure is greater it does provide a double check or triple check if you will when 1 or another isn't functioning correctly as I tend to check each one a few times a week.
 
audreyh1 said:
No, Quicken does not hold your passwords unless you ask it to.

I am set up to manually enter mine every time for the few institutions that require direct connect. Most don't - for those I am able to import a QFX file which I obtain through a separate web session with the institution separate from Quicken. I prefer this method where Quicken doesn't interact with the institution directly.

There a a few institutions that don't support QFX or have errors, so I have to do some manually. Fortunately for me these are institutions with few transactions.
Click to expand...

Thanks! Your post allow me to understand this much better and I searched and found this explanation from the Bogglehead site

"One can use Direct Connect, Express Web Connect or Web Connect. For the last method you log onto your vendor's website and download the information and one can import it directly into Quicken or save it as a Quicken file on your hard drive and then import it."

This was from 2014 so perhaps names have changed but it sounds like what you were describing. I think this would create a lot more work but an increase in security.

Thanks
 
wmc1000 said:
I actually use 3 - Fidelity because we have our IRA and brokerage accts there, Northwestern Mutual Life as we already have our insurance policies there and Personal Capital since I liked their format. While our hacking exposure is greater it does provide a double check or triple check if you will when 1 or another isn't functioning correctly as I tend to check each one a few times a week.
Click to expand...

You may already know that Fidelity uses the Yodlee program in their website. I am not sure if it has less or more functionality than the stand-alone Yodlee site.
 
I set up a portfolio on yahoo finance that includes all my holdings. I update it when ever I make a trade in any account. Cash and real estate are included as FDRXX (fidelity cash reserve) as a place holder. At the end of the day this portfolio shows my current net worth. No account numbers given out.
 
davef said:
Thanks! Your post allow me to understand this much better and I searched and found this explanation from the Bogglehead site

"One can use Direct Connect, Express Web Connect or Web Connect. For the last method you log onto your vendor's website and download the information and one can import it directly into Quicken or save it as a Quicken file on your hard drive and then import it."

This was from 2014 so perhaps names have changed but it sounds like what you were describing. I think this would create a lot more work but an increase in security.

Thanks
Click to expand...
I am running a legacy Quicken for the Mac predates 2014 so my experience matches what you read about.

Quicken stopped supporting Quicken for the Mac a long time ago. Then later came out with "new versions" which didn't come close to the functionality of the old software. Useless.

They have occasionally released much needed bug fixes for my legacy version. It would be crippled by now if not for those.

I do not plan to update any longer as I don't want any new "features". Certainly nothing that requires me to log into a website Quicken account or other such thing that I think could compromise my security.

I'll probably have to find an alternative one day. But this current version seems to run on all the latest MacOSs so keeping my fingers crossed......
 
I use Personal Capital (PC) as my aggregator and my financial accounts are at Schwab and USAA. According to both financial service institutions, PC access is read-only. I also have 2FA turned on for both, and do not have to enter a code every time PC updates - yielding credibility to their claims. And yes, I’ve seperately verified that 2FA is working. That said, if Schwab had even a subset of the aggregation features of PC, I’d dump PC in a second.
 
Last edited:
davef said:
Thanks! Your post allow me to understand this much better and I searched and found this explanation from the Bogglehead site

"One can use Direct Connect, Express Web Connect or Web Connect. For the last method you log onto your vendor's website and download the information and one can import it directly into Quicken or save it as a Quicken file on your hard drive and then import it."​

This was from 2014 so perhaps names have changed but it sounds like what you were describing. I think this would create a lot more work but an increase in security.

Thanks
Click to expand...

That's still basically correct. This more current doc may help: https://www.quicken.com/support/how-quicken-connects-your-bank

Express Web Connect does store your password on Quicken's servers. When you are updating accounts that use Express Web Connect, you are actually retrieving the transactions from Quicken, which they retrieved from your bank the night before.

Express Web Connect is a one-way connection. Data is imported into Quicken, but Quicken cannot affect your transactions or balances in any way.
  • Access and retrieval of data is automated through the use of nightly updates. During these updates, Quicken logs in to your bank's website on your behalf. Generally this happens once a day and outside of business hours. Because of this, you may notice login activity on your bank's website overnight.
  • Your login credentials are stored on Quicken-hosted servers. This makes updates faster for you.
  • Your financial data is stored on Quicken-hosted servers. This provides a more complete history of your financial transactions than is typical for data stored on bank's servers.
  • We use state-of-the-art security measures to protect your login credentials and your financial data.
Click to expand...

Direct Connect does not store your credentials or data on Quicken's servers. It does provide the option to keep them in the Quicken data file (encrypted) on your local hard drive, and it connects directly to your financial institution when you click the Update button. To the user, this experience is identical to the Express Web Connect method. You click the update button, enter one master password, and all your accounts that use Express or Direct connections are updated. If you have chosen not to store your passwords, then you are prompted to enter them at that time.

Web Connect is a more manual process where you login to the bank website, navigate to their "download transactions" page, make the appropriate onscreen selections, and download a file via your browser. You then click on the file to open it, which launches Quicken and causes the transactions to be imported.

I use all three methods because different institutions support different connection types.
 
LiveBelowMeans said:
I set up a portfolio on yahoo finance that includes all my holdings. I update it when ever I make a trade in any account. Cash and real estate are included as FDRXX (fidelity cash reserve) as a place holder. At the end of the day this portfolio shows my current net worth. No account numbers given out.
Click to expand...

Do something similar with Google Finance for my own portfolio. Even keep the DogOfDow, some fun stocks to watch in a watch list. Like that it shows all relevant markets and historical quotes I lookup.

I build my own spreadsheet for clients. GOOGLEFINANCE("GOOG", "price")

I've highly customized these sheets to be almost realtime. Only gap is those weird funds, equities not listed in google. For that its a script that pulls down the data into an export via the management houses UI of that equity. I store the variable and scripted it to drop into the correct sheet based off some filtering scripted in as well :cool:

My aggregate of clients data in these sheets is pretty dynamic, here are the columns. I feel with a historical report of the following columns, I have been able to successfully re-balance into almost any strategy. This feed's into the clients personal FIRECALC sheet which is quite dynamic and allows almost real-time what-if scenario's for current and long-term planning.

SymbolAccountSharesCurrentPriceMoneysOverallPortfolio%CategoryInvstmntStyleAssetTypeFeeExpenseRatioExpense$EPSYTD CHG%$ChangeYTDLastCloseBUY-Price%ChgSinceBUY$ChngSinceBUYSELL-Price$SOLD$NET%NETSinceSell%chgSinceSellPriceJan1stMoneysJan1Price6MonthsAgo6monthGain6MonthNetGainStartDateStartDateDividendMorningStar
 
T-Minus said:
I use Personal Capital (PC) as my aggregator and my financial accounts are at Schwab and USAA. According to both financial service institutions, PC access is read-only. I also have 2FA turned on for both, and do not have to enter a code every time PC updates - yielding credibility to their claims. And yes, I’ve seperately verified that 2FA is working. That said, if Schwab had even a subset of the aggregation features of PC, I’d dump PC in a second.
Click to expand...

While it is great that PC is read only, my concern is that the server with my passwords gets compromised. Right now, I store my passwords on a thumb drive.
 
You must log in or register to reply here.

Similar threads

S
TurboTax: Now what?
Replies
18
Views
1K
donheff
donheff
D
Quicken File Management when Snowbirding
Replies
15
Views
433
audreyh1
audreyh1
A
PC security and hacking!
Replies
21
Views
1K
walkinwood
walkinwood
R
Empower/Personal Capital Aggregation
Replies
11
Views
2K
rkser
R
G
BALANCED FUND vs INTEREST INCOME FUND? Where to park $100k for the next 2 years?
2
Replies
40
Views
3K
rayvt
R

Latest posts

Back
Top Bottom