If You Use Mint, You Could Lose a Mint

“We’re having issues right now.” Yeah, me too. I’m trying to set up my financial accounts on Mint.com so I can test drive its new Mint app and it hasn’t been easy so far. I managed to set up my bank and a PayPal accounts in about 10 minutes, but it’s another story with my credit card. Mint.com has been having “issues” with that one account for about 48 hours and counting.

Mint’s new iPhone app gives you a view of your online financial picture at Mint.com. It would be a time saver if I could access all my accounts all from one place at one time, and that is what Mint.com is all about, at least if it worked.

I was able to set up the same credit card account with another developer’s iPhone app in under 45 seconds during the same time I was attempting to set up my Mint.com account so I surmise the problem is not an erroneous login ID or trouble at the credit card company.

I’m leery of keeping any sensitive information on my iPhone because if I lose it, bad things will probably happen. However, what appealed to me about using Mint’s new app is I would be able to deactivate access to my account from the company’s Web site if the need arises.

That you can’t rely on Mint.com is bad enough. Now, here’s what I believe is a real deal breaker: Neither the site nor the app follow security best practices and the app exposes your most sensitive information to anyone who can spend 30 seconds with your iPhone if you don’t remember to log out of the Mint app or if you receive emails from Mint.com. Even turning off the iPhone will not do.

Mint.com and its app do not set any requirements or provide guidelines on what might be a hacker-proof password, as is common at many sites that handle less-sensitive information. Not everyone is savvy enough to understand the vulnerabilities that ensue from not using proper passwords.

Although you can’t move money using Mint.com or its app, knowing which accounts a person has and how much money is in them, is useful to a bad guy on a number of levels that space unfortunately does not allow me to go into here. I will say that if I was your unhappy spouse, a close friend or relative, I could figure out how to get access to your accounts and most likely, spend your money.

Laughably, I received this morning a weekly account update via email from Mint.com containing a list of of my accounts, the amounts in them and a list of recent purchases. As any iPhone user knows, accessing email requires a simple tap of a button. This yet another security loophole in the Mint app.

The app seems to work fine, as far as giving you access to your Mint.com financial picture. It looks good and the interface is streamlined. But until MInt.com actually makes your private information secure from prying eyes, I’d advise you not to use either the site or the app.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Solve : *
19 × 29 =