Mint.com and saving passwords in plain text

R

Restrikted

n00b
Joined
Jan 14, 2011
Messages
3
I've been doing a bit of researching on storing login data securely and obviously the last thing you want to do is store the data in plain text. As I logged on to mint.com today I realized that in order to connect and download data from other financial institutions they must first give them the user's login data. I'm assuming that since not everybody uses the same method of encryption, they can't just send them their user's hashed password, but plain text or just using two way encryption. My question is how do they securely store this data if they are relying on two way encryption methods and is it possible to cheaply do myself?
 
while I haven't used mint so I don't really know how it works...

my guess would be SSL. Just like when you log in to your account, you're entering your info into an SSL-secured page.
 
The data they transmit may be in plain text, but the session is most likely secured via SSL.
 
StarTrek4U said:
Here's their plain-english security FAQ...

http://www.mint.com/how-it-works/security/security-technology/
Click to expand...

And the only part of that which is really applicable to this thread is "Your bank login credentials are encrypted."

If they simply impersonate you and login to the other financial institutions just like you would, then they have to have the credentials available in plaintext (just like you type them in). They may store them with some form of encryption, but their automated system that connects to your other accounts would have to be able to decrypt it to get the plaintext credentials in order to login. Keeping something in a safe is good, but to be able to use it, you need to have the key to the safe. If the decryption key is kept on the same system as the encrypted data, it's sort of like taping the key to the side of the safe. I'm assuming that Mint wouldn't actually keep the decryption key and the encrypted data on the same system, but if someone can get unauthorized access to the encrypted data, they can probably get to the decryption key too.

If Mint has special access to those financial institutions, it's possible they could connect securely without needing to store your actual password in a retrievable format. For example, forum software stores a hash of your password rather than the actual password. When you login, it hashes what you typed and checks to see if that matches the hash it has on file. If it matches, then that means you typed the right password. If it doesn't, then you didn't. This way the software can validate logins without having to store an actual copy of the password. Similarly, Mint could have a setup like this with the financial institutions, where it stores a hashed or encrypted copy of your password, and the other end verifies it against the hashed/encrypted version of your password too. This would require them to setup a system to do this, as obviously just typing the hashed/encrypted password into the login fields isn't going to work.
 
Sending it from Mint to your bank is the same as logging in directly through a bank. It is an ssl encrypted connection.

There are plenty of nasty ways to have your ssl traffic intercepted, stripped and viewed in plain text. (sslstrip for example). Your best bet is to avoid unsecured wireless networks and always make sure that you you are connected to legitimate sites through legitimate means, or use a VPN tunnel to access sensitive information.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

sslstrip.png


sslstrip-1.png


notice how the "s" is missing from https://chase.com? That means that something happened to its ssl encrypted connection (in that case my laptop was running ssl strip and arp spoofing, letting the "ssl" traffic flow through one interface and spewing it back out another with the encryption stripped off. Basically the laptop was able to view anything the user input in clear text (username "test" password 1234567)

chase uses some other security measures, so even once you had a username and password you would still need access to their email to get a verification code. Not all that hard to do if you were already able to sniff out their username and password though.

Not saying that any of this is a good idea, or even legal, but I think Mint's connection to your bank is really the least of your concerns in the scary world of modern computing.
 
Issues like that is why I don't use mint.com
I give props to the guy who came up with it, and good on him that he sold it for a billion dollars, but you couldn't pay me to enter all my accounts into mint.com and still sleep at night. That's just asking for trouble imho.
 
Its owned by the same people who do TurboTax. It made it amazingly easy to do my taxes this year since turbo tax can pull everything from Mint, ADP and schwab. I did not need a single piece of paper to do my taxes this year :cool:
 
Except he was specifically asking about storage of the credentials, not transmission.

The method of transmission (simply impersonating you over SSL with the supplied credentials vs. some other authentication system set up with the financial institution) would obviously determine whether or not Mint actually needs to save your plaintext login credentials in a retrievable form. The FAQ states that they're storing and transmitting your info with encryption.

However, if they're just impersonating you with your plaintext credentials on the standard login page, that means Mint has some way to decrypt your encrypted credentials (unlike a forum that only stores a hash of your password). If Mint can decrypt that information, so could a successful attacker. If someone were able to gain unauthorized access to Mint's systems, they now have login information for every single one of your financial accounts. They seem to be good about making sure that doesn't happen, but anything is possible. You're potentially giving up security and privacy in order to gain convenience.
 
For me the benefits outweigh the risks. Even if someone compromises my mint.com account they only have read-only access to my financial information. My mint.com password is different from any of my other passwords, so it is not really any additional risk.

I don't really care is some scumbag can see my financial information (or lack there of).

The passwords being stored somewhere is of some concern, but I still enjoy the benefits of using mint.

Having credit card, addresses, and other info stored all over the net has been the norm for years now (amazon 1-click buying etc.)
 
You must log in or register to reply here.
Back
Top