Intuit Mint yes? no?

[steelyman]

I did a basic search on topics and came across this one which seems reasonably recent. I am curious about any updated opinions about Mint from those who have experience with it.

Context: I was asked to (and did) sit down with a friend who is a novice to expense and investment tracking and was asking how to get started. We spent a nice afternoon and I stayed away from the super-detailed things that are chewed on over and over.

I asked if they tracked anything using a computer or Internet-based resource and the answer was no, but they were interested in starting to do so.

I knew there had been discussions about Mint here, so thought I'd add to the thread for any updates before I go further with the friend.

Anything new?

p.s. I'm a long-time Quicken user.

 

[growing_older]

I cannot understand what possible convenience in seeing all my accounts on a single screen could be worth giving out passwords. I can easily track myself with a very simple spreadsheet.

 

[lemming]

Chase now has a disclaimer of liability if you share passwords with any online service. That is my mortgage carrier. I don't know if that includes downloading tax forms into a tax form or not. I should ask at my bank what their policy is.

 

[Onward]

I may be a fuddy duddy, but I've never felt comfortable sharing all my most sensitive login credentials with anyone, under any circumstances.

To track my financial accounts in one place I use budgetpulse.com, which doesn't connect to my other accounts but instead requires that I enter all transactions manually.

But that's exactly what I want, because:

1. I don't have to entrust anyone with the login credentials for the financial sites I use, and

2. My manual entry of transactions serves as a cross-check against the billing that financial institutions do. More than once my manual records have turned up errors in the entry of credit card transactions, for example. The errors have always been small, hard to notice otherwise, and never in my favor.

 

[AtlasShrugged]

I cannot understand what possible convenience in seeing all my accounts on a single screen could be worth giving out passwords. I can easily track myself with a very simple spreadsheet.

+1

 

[mpeirce]

And yet we've been handing over our credit cards to strangers at restaurants for years. Just what are they doing in that back room?

Not a perfect analogy, but password managers are similar. You hand over all your passwords to them and trust that they aren't sending them back to a Russian mobster to use next year when you least expect it.

Intuit (owner of Mint.com) has behaved responsibly with the data entrusted to them via Mint.com (and TurboTax - is there anything more personal than your tax return?).

Of course if they screw up I'll be the first to be changing all my passwords - probably using a password manager that can do that automatically ;-)

 

[ERD50]

And yet we've been handing over our credit cards to strangers at restaurants for years. Just what are they doing in that back room?

Not a perfect analogy, but password managers are similar. ...

BZZZZT!!!! Two wrongs don't make a right! It is insane that we turn our CC over to strangers, so that they can get our name, number and 'security' code.

But we have a lot of protection against fraud on our CC, and it is mainly an inconvenience if we are compromised. It could be much worse with access to our financial accounts.

-ERD50

 

[mpeirce]

BZZZZT!!!! Two wrongs don't make a right!

Both mint.com and a password manager have obvious downsides, but they both have upsides too. It's all a matter of weighing them.

I check mint.com almost everyday and also get notifications from it when there is any activity over a threshold on any of the accounts it's checks on. I personally view this as more upside than downside for early detection of fraud.

Likewise, with a password manager, there are obvious benefits to easily using complex and unique passwords vs. the chance that the passwords will be compromised.

To each his own.

 

[AtlasShrugged]

BZZZZT!!!! Two wrongs don't make a right! It is insane that we turn our CC over to strangers, so that they can get our name, number and 'security' code.

But we have a lot of protection against fraud on our CC, and it is mainly an inconvenience if we are compromised. It could be much worse with access to our financial accounts.

-ERD50

+1

You nailed it.

 

[Sarah in SC]

I use Mint, and LOVE it. Such an easy (and safe, as safe as anything is today) way to track my cards, considering I do a bit of travel hacking. And also investment accounts. I am very happy with it, and have completely replaced desktop based tracking with it. Love the app, with the biometric feature on iPhone for security.

 

[dvalley]

I've used Mint and Personal Capital since they both came out (P-C much later than mint). I really liked the simplicity of Mint but it didn't give me as many details as P-C does such as showing my the sectors, the AA etc. However, after a few years, very recently something happened with my P-C profile (not sure what, when and how) where when I went back to my networth figures for YTD it's giving me incorrect info from what I have written down elswhere. I went back to Mint to validate and sure enough it's a big chunk of money that's no longer showing in my P-C profile for the begining of the year. In other words the begining of the year balance is showing a lot less than it was and as a result showing me an inflated no for the networth for this year. I haven't bothered with contacting them but sure glad I had written down figures and Mint to have a full quorum and not a split brain syndrome (ok IT speak for clustering here but you get the point).

 

[papadad111]

I've never "trusted" that my info was secure at a budget or financial consolidation site. Think "summer intern" playing with the data and compromising it.

CNBC just posted this article yesterday: http://www.cnbc.com/2015/11/11/cons...en-banks-cut-off-online-finance-services.html

"Online finance tools that help people manage everything from investing and saving to paying off debt are increasingly being cut adrift by banks, leaving users in limbo. The banks say the cutoff of financial data flowing to the apps and websites is caused by security upgrades required to keep hackers at bay, but some industry watchers suspect the motive may have more to do with the bankers' bottom lines."

I can see the security risk. Can also see the threat that these sites create from taking business away from banks. Robo investing etc.
On average I think older people are shy toward technology - not sure though if we are really being any safer by avoiding these financial and budgeting web sites. To me a far Better security step would be to shut off your information flow from your Facebook page, if the goal is to stay cyber-safe and avoid social engineering / hacking.

Never mind that 80 percent of older people use the same password for multiple sites too ... And more than half still use something like Password1234

 

[steelyman]

I can update on my limited investigation into Mint. Again, this is on behalf of friends (I'm a mostly-satisfied Quicken user, still have lost the Quicken lifetime planner so I just live my life instead - and use spreadsheets for that).

Feedback from actual Mint users is helpful and its good to read that responses are positive. But in a "I coulda had a V-8!" frame of mind this week, I decided to give it a try myself, using separate account information to which I have access.

I didn't get far, and stopped at the very first step during signup, during which it stuck me on a page that wanted banking information. I couldn't figure out how to get past that in a legitimate way. I'd been hoping for a "skip this step" kind of button, but there was nothing. A Web search came up with several workarounds/tricks, but I try to avoid that kind of thing.

I do share the security concerns voiced, and have never entered any account information for Quicken (account #, passwords, etc), so I try to be careful about that, no matter how much Quicken urges me to upload my portfolio. Really, all I want are the investment quotes so that's all I do. All transactions (credit cards, investments) I've entered manually, since around 1995. Not bad, as long as you keep up with it. I probably have a simpler financial picture than many members, too.

Anyway, I do not feel comfortable recommending Mint for my just-getting-started friends to use, and when I explained why, they understood perfectly. They see the news like the rest of us, and don't want to chance it.

 

[Sonic]

No system is guaranteed 100% secure, but I wouldn't be anymore concerned with Mint security than your financial institution's security. Mint uses the same level of security as the big banks and the only identifying information linked to your account on the site is your e-mail address.
They don't even store your Mint password on their servers, it's a salted hash.
They also employ some of the best hackers in the country who have not been able to penetrate their highly sophisticated security. Plus, if financial institutions weren't confident in Intuit's security, they wouldn't grant them access.
This, and as another poster stated, using 2 factor authentication on your accounts, provides for a well-vetted secure solution.
For me, it provides a way to stay on top of our various accounts, and last year when someone stole some checks out of my Wife's checkbook and cashed one for just short of $5,000, I saw it right away and was able to freeze the account. Of course there are other ways to be alerted, but this one worked for us.
I certainly understand people not wanting to use something like Mint, but as an I/T guy, I did look into their security and in my case I am comfortable using their service.

 

[mpeirce]

I was updating my account info at mint.com for my Capital One 360 saving account.

They now offer a "personal access code" for access to the account. This is different than the account password and gives them read access to the account.

I hope other banks and investment companies offer this. It's a nice security enhancement to not have to give my full credentials for an account to mint.com

Do people know of other companies that have this setup?

 

[audreyh1]

Even though I still use Quicken and Turbotax (and have for decades), I do not trust Intuit's corporate culture to do the right thing by customer security.

 

[CherylGrrl]

I have been a very satisfied Mint user for many years. As a former computer security VP for a major bank i understand and am comfortable with the encryption technology they use to protect account passwords. Account passwords are encrypted using a technique that is one-way... You couldn't figure out what the password is even if you broke into the file of encrypted passwords. The encryption key is held in 5 pieces by 5 different senior executives of the company. This is an extreme form of dual custody, a time-honored security principle. I just toured the old Titan missile facility south of Tucson, Arizona and saw how a nuclear warhead could have been launched with just 2 people using their (physical) security keys at the same time. I'm not too worried that 5 executives of Intuit will decide to collude to steal my money, knowing the breach would be instantly traceable to them.

Mint is a nice little business and a security breach would shut it down, so Intuit is highly motivated to keep your data secure.

Mint saved my bacon a couple of months ago when it warned me of a big overdraft in my checking account -- I had mistakenly sent $12,000 to savings in another institution from the wrong checking account. Because of the timely warning from Mint I was able to cancel the transfer while it was still pending. My bank sure wouldn't warn me, they want the overdraft fees!

All in all, no risk in any real sense and a fabulous money tracking tool for free.


Sent from my iPad using Early Retirement Forum

 

[explanade]

Mint is free?

How do they make money?

 

[2017ish]

Mint is free?

How do they make money?

Here is their answer to that (from Help/Faq of the site):

How is Mint.com free?
We make money when you save money with the Ways To Save feature on Mint.com. If you sign up for a checking, savings, credit card or brokerage account marked as sponsored, we earn a referral fee.

https://www.mint.com/help

 

[explanade]

Hmm, Intuit is trying to sell Quicken. So will they keep Mint?

 

[hesperus]

Do any of these portfolio aggregators offer a monthly breakdown of estimated dividend income? This is a tool that I have a hard time finding.

 

[Fean]

I spent the last 13 years of my career as a computer security architect writing software to both implement and break encryption solutions. So please understand the gravity of the situation when I tell you that I am terrified of Mint and its peers. I desperately want to use Personal Capital because it looks like a great product that meets a huge need that I have. However, I simply cannot bring myself to take the plunge. The risk of using such a service is both real and severe.

Handing out the usernames and passwords for your financial institutions is irresponsible. If someone steals your credit card, you aren't on the hook for the damages. However, if you give out your login credentials and someone ends up draining your bank account or retirement account, YOU may very well be on the hook for all of the damages. Two of my three banks have policies that specifically state that giving my password to a third party (e.g., Mint or Personal Capital) absolves them from any liability for losses in my account. Several investment firms and brokerages also have similar policies. If you want to use Mint or another similar site then you should definitely read the fine print for any accounts you link to that site to see who is liable if someone does get into your account.

Interestingly, the mechanism by which Mint encrypts and stores your login credentials is largely irrelevant to me. First of all, Mint doesn't even need to be compromised to cause you issues. If someone drains one of your accounts that is linked to Mint, then you could be liable for the loss even if Mint had nothing to do with how someone got into your account. The fact that you violated your financial institution's security policy potentially places the liability on you. Second, let's assume that Mint perfectly implements a state-of-the-art password manager that uses all known best practices in the industry. You are still at risk. The target is juicy enough that an adversary could justify spending millions of dollars on hardware to crack Mint's encryption and gain access to all of the financial accounts linked by Mint's customers. Third, the hypothetical "perfect" implementation I mentioned in the second point above is a myth. There will always be vulnerabilities in the end.

-Fean

 

[photoguy]

Well said.

The only way I would even consider mint is if my financial institutions had read only password access explicitly for third parties like mint

Sent from my Nexus 5 using Early Retirement Forum mobile app

 

[audreyh1]

Agree, well said.

 

[mpeirce]

Each of us makes our own decisions of course.

I view my (and my DWs) ability to consolidate and view our entire financial life in one place as worth it. Situational awareness is key. I probably check it daily on average. It makes it easy to keep an eye on everything. It's also very useful historically to be able to look back and see activity from 5 years ago or whenever.

My folks each use this too and share the info with me. It's an excellent way for me to keep on eye on their finances to make sure nothing weird is going on. As they get older, this becomes more important.

And everyone should certainly make use of all the helpful tripwires that Mint and the various banks and investment companies provide. I turn most of these on. I know when there's a credit card transaction in real time (on my watch even). I know when there is a transaction in one of our investment accounts. "Oh look, another dividend today"

And that fact that Capital One and Mint are using a readonly access mechanism now is reassuring. That's a move in the right direction. And I expect other companies to adopt it. Good for them.