> So how are they supposed to get your data from your bank if they can't login to it?
Like I said, there's no requirement for credentials to be STORED in plaintext. They just need to be readily convertible to plaintext when they pull your data. I'm thinking about a system where credentials are encrypted and access to the keys is locked down (either via software or hardware) so that engineers and operations don't have unimpeded access.
> Just change "Yodlee" to "your bank" and the same exact problems happen. There is nothing special about Yodlee here.
Two things:
1a. Like I already said, many banks protect their users from losses incurred if someone gets hacked while using the bank's online portal. They'll bail me out if someone gets access to my account and takes all my money. Will they bail me out if Yodlee is used as an attack vector? That would be nice but I'm not convinced that banks/brokerages/etc. will step up and help me out in that situation. Ideologically I don't even know if banks should be expected to.
1b. Will Yodlee bail me out if an attacker uses them to steal all my money? Nothing on their website indicates that they will. Even if they did, implementing these risky features just adds more risk and uncertainty to their business for a feature which isn't ultimately that worthwhile.
2. Yodlee is special because they're an aggregator. That makes them a significantly more valuable target than one bank alone. I have various accounts at various places; if someone got access to one of them, at least the damage is contained. With Yodlee they get everything at once.
> And when Yodlee asks them for their bank's password they don't realize what's going on?
You'd hope so but can't assume; you're not just selling to technical and security-conscious users. Most of Moneycenter looks like it's dedicated to read operations. There are just a few innocuous-looking links in the account management section which open up this whole can of worms. I came to Yodlee from Mint, who doesn't expose anything in their UI which would allow writes. That was my expectation because write access via this kind of service is unthinkable to me. After I explored a bit and realized this I removed all my accounts.
> It's exactly the opposite of what you think - by letting you know they have the password you will be more security conscious with them. If that feature did not exist you might think that they were a "read only view".
I get where you're coming from but I think this is a stretch. If they're really trying to be upfront with their users about what can and can't be done they would be more explicit than two links for "auto-login" and "show my password".
Maybe the disconnect is that I want a read-only financial aggregator (i.e. Mint) whereas Yodlee tries to do more... but from my brief experience with Yodlee I didn't really even see many things that directly did writes. Most of the value I saw was in the reading/reporting.
> Do you think it works by magic? How do you think it logs you in to the other site? It uses your password! It makes an auto-submitting form that has your password in it, in plain text, right there in the JavaScript!
Sorry, I wasn't really clear in my haste to edit the last reply. I know auto-login is only trivially and superficially different from showing a plaintext password. That's why I didn't even mention it at first.
EDIT: Actually I think the current implementation of auto-login may be worse than showing the password in cleartext. IIRC the user doesn't have to provide Yodlee credentials a second time like they do to view their bank password.
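
The storage design described at the top of this comment (credentials encrypted, key access locked down so that only the data pull can decrypt), as an added sketch that is not part of the original post and not Yodlee's code. `KeyService`, `sealCredential`, `openCredential` and the caller names are hypothetical, and the password is constructed sample data.

```javascript
// Added sketch: envelope encryption with an access-controlled, audited key holder.
const crypto = require('crypto');
function gcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function gcmDecrypt(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag); // tampered ciphertext makes final() throw
  return Buffer.concat([d.update(box.ct), d.final()]);
}
// Stand-in for an HSM or locked-down key service: the master key never leaves it.
// Assumption: a real service authenticates the caller; a string stands in for that here.
class KeyService {
  #masterKey = crypto.randomBytes(32);
  auditLog = [];
  wrap(dataKey) { return gcmEncrypt(this.#masterKey, dataKey); }
  unwrap(wrapped, caller) {
    const allowed = caller === 'aggregation-job';
    this.auditLog.push({ caller, allowed }); // every attempt is recorded
    if (!allowed) throw new Error(`unwrap denied for ${caller}`);
    return gcmDecrypt(this.#masterKey, wrapped);
  }
}

// The database row holds ciphertext and a wrapped per-credential key, nothing else.
function sealCredential(kms, password) {
  const dataKey = crypto.randomBytes(32);
  const secret = gcmEncrypt(dataKey, Buffer.from(password, 'utf8'));
  const row = { secret, wrappedKey: kms.wrap(dataKey) };
  dataKey.fill(0);
  return row;
}
function openCredential(kms, row, caller) {
  const dataKey = kms.unwrap(row.wrappedKey, caller);
  try { return gcmDecrypt(dataKey, row.secret).toString('utf8'); }
  finally { dataKey.fill(0); } // plaintext key lives only for the pull
}
function demo() {
  const kms = new KeyService();
  const row = sealCredential(kms, 'constructed-bank-password');
  const pulled = openCredential(kms, row, 'aggregation-job');
  let engineerDenied = false;
  try { openCredential(kms, row, 'engineer-shell'); } catch { engineerDenied = true; }
  return { pulled, engineerDenied, auditLog: kms.auditLog };
}
console.log(demo());
```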