Too nervous about giving up my passwords to use Personal Capital

Have a question about your personal investments? No matter how simple or complex, you can ask it here.
furwut
Posts: 2123
Joined: Tue Jun 05, 2012 8:54 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by furwut »

HoberMallow wrote: Tue Aug 09, 2022 8:14 pm
mmse wrote: Tue Aug 09, 2022 6:13 pm
Bammerman wrote: Tue Aug 09, 2022 2:25 pm I'd like to try using Personal Capital, but a lifetime of protecting my passwords keeps me from trying PC out. I've read all their stuff about how well protected their security is and I have no reason to doubt it, but I just can't take that last step into space. Curious if anyone else has had, or is having, this difficulty, and how you handled it.
This is likely to violate a provision in the bank online agreement that prohibits disclosure of the online credentials to 3rd parties. This would likely shift responsibility for fraudulent transactions from the bank to the client. This is the main reason I would never use an aggregator.
Absolutely. Here's the relevant section from Vanguard's "security promise:"
Vanguard wrote: We’ll reimburse you the amount taken from your Vanguard account in an unauthorized online transaction on vanguard.com if you’ve followed the steps described in the Your responsibilities section below.

You should be aware of the risks of sharing your account information: If you share your vanguard.com user name and password, or if you allow someone to access your account information, activities performed with your shared or accessed credentials or information may be considered authorized.
In other words, if you share your password and money is stolen from your account as a result, don't expect Vanguard to reimburse you.
Despite the common gloom & doom provisions included in account holder agreements whether they ultimately supersede federal regulations is the question.

This letter from the National Consumer Law Center to the Consumer Federal Protection Bureau covers the issue.
https://www.nclc.org/images/pdf/rulemak ... egator.pdf
Some financial institutions take the position that consumers lose their dispute rights and liability protection under Regulation E if they give a third party permission to access their account and unauthorized charges result. That is incorrect. The CFPB should take action to stop financial institutions from misrepresenting consumers’ liability rights in order to discourage use of competing services. (At the same time, as discussed in the next section, the CFPB should facilitate safe methods of data sharing.)



Regulation E rights are not waivable and financial institutions may not change them by contract.
User avatar
galawdawg
Posts: 5231
Joined: Thu Dec 14, 2017 11:59 am
Location: Georgia

Re: Too nervous about giving up my passwords to use Personal Capital

Post by galawdawg »

furwut wrote: Wed Aug 10, 2022 4:33 am
HoberMallow wrote: Tue Aug 09, 2022 8:14 pm
mmse wrote: Tue Aug 09, 2022 6:13 pm
Bammerman wrote: Tue Aug 09, 2022 2:25 pm I'd like to try using Personal Capital, but a lifetime of protecting my passwords keeps me from trying PC out. I've read all their stuff about how well protected their security is and I have no reason to doubt it, but I just can't take that last step into space. Curious if anyone else has had, or is having, this difficulty, and how you handled it.
This is likely to violate a provision in the bank online agreement that prohibits disclosure of the online credentials to 3rd parties. This would likely shift responsibility for fraudulent transactions from the bank to the client. This is the main reason I would never use an aggregator.
Absolutely. Here's the relevant section from Vanguard's "security promise:"
Vanguard wrote: We’ll reimburse you the amount taken from your Vanguard account in an unauthorized online transaction on vanguard.com if you’ve followed the steps described in the Your responsibilities section below.

You should be aware of the risks of sharing your account information: If you share your vanguard.com user name and password, or if you allow someone to access your account information, activities performed with your shared or accessed credentials or information may be considered authorized.
In other words, if you share your password and money is stolen from your account as a result, don't expect Vanguard to reimburse you.
Despite the common gloom & doom provisions included in account holder agreements whether they ultimately supersede federal regulations is the question.

This letter from the National Consumer Law Center to the Consumer Federal Protection Bureau covers the issue.
https://www.nclc.org/images/pdf/rulemak ... egator.pdf
Some financial institutions take the position that consumers lose their dispute rights and liability protection under Regulation E if they give a third party permission to access their account and unauthorized charges result. That is incorrect. The CFPB should take action to stop financial institutions from misrepresenting consumers’ liability rights in order to discourage use of competing services. (At the same time, as discussed in the next section, the CFPB should facilitate safe methods of data sharing.)



Regulation E rights are not waivable and financial institutions may not change them by contract.
A couple of clarifying points. The National Consumer Law Center is a non-profit consumer advocacy' group, not a regulatory or enforcement authority. So what they encourage the CFPB to do has no import.

Second, Regulation E does not cover wire transfers, checks, and any transfer of securities or commodities.

Finally, Regulation E only applies to unauthorized electronic funds transfers. In that connection, it specifically provides that unauthorized electronic fund transfer as defined by that code section does not include transfers "By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized." In other words, if the consumer provided the "access device" to another (which includes credentials), any resulting transactions are considered authorized unless the consumer has notified the financial institution prior to the transfers that the third party access (aggregator) is no longer authorized.

So absent other legal authority, I believe the fraud protection policies of Vanguard, Schwab and Fidelity that exclude from coverage disputed transactions when a consumer has shared their credentials with others (included aggregation services) do not conflict with Regulation E, and are both valid and enforceable.
User avatar
samsoes
Posts: 2802
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Too nervous about giving up my passwords to use Personal Capital

Post by samsoes »

Just say no.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jebmke »

Bh1984 wrote: Tue Aug 09, 2022 9:35 pm I think it's all comical how people say no they wouldn't do this yet browsers have stored passwords, computers don't have encryption turned on, accounts don't have MFA. I work in this space and the stats show that you are the weakest link most of the time with it comes to being compromised.

Your banks have allowed APIs that can connect to their servers for a reason. They control what can or cannot happen through those APIs.

This reminds me of when someone says I don't want to do ACH but I'll send you a check. Meanwhile your full account information is as the bottom of a check and you are now in transmitting it through the mail.
Are there specific posts where this is stated?
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Hockey10
Posts: 1108
Joined: Wed Aug 24, 2016 12:20 pm
Location: Philadelphia suburbs

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Hockey10 »

I have been a Personal Capital user for many years. I only give PC access to my credit cards and checking accounts (which have only a small amount of $ deposited). I use PC to track my spending. It is nice to have a centralized spot to see where the money goes, especially at year end. The bulk of my money is at Fidelity, and I have no plans on sharing that password with PC.

My problem with PC is that their customer service has declined. One of my credit cards has not updated correctly in PC for 5 months. One of my checking accounts has not updated in 3 weeks. I fill out the online help form and they claim they are working on it, but the timeframe for problem resolution is getting longer and longer.
jocdoc
Posts: 258
Joined: Wed Oct 30, 2013 5:29 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jocdoc »

I believe aggregators pose a potential security risk. I do not need to see my holdings more than once a year.
I use the emoney aggregator once a year for financial planning where I give eMoney my password and UID to update my accounts. As soon as I download the info, I change all the passwords I gave the aggregator. This minimizes but doesn't completely eliminate the risks of account hacking.

I am simplifying and consolidating all my accounts this year and will likely be able to manually input the data without using an aggregator going forward.

jc
cjking
Posts: 2039
Joined: Mon Jun 30, 2008 4:30 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by cjking »

I haven't read the thread, but I have searched it for the phrase "open banking" and not seen it mentioned. This is something that I have, in Europe, and a quick google seems to indicate that it's not an unheard of concept in the USA, but I don't know the status of it there. Anyway, it allows me to give an aggregator/third party access to my accounts, without giving them my passwords. This access can be read-only, or it could include the ability to perform transactions, if the aggregator has functionality that requires that, but so far I've not seen a need for the latter. For the time being I'm only able to aggregate bank and credit card accounts, but in future I think access to brokerage accounts will be available.

Could be something to look into the status of, for those of you in the USA.

Edit: Obviously all the security concerns people above have will have been addressed in implementing this. This is not something banks have all done voluntarily, government has created this by regulation, requiring banks to offer API access, and government regulators determine who can be third parties.
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jebmke »

cjking wrote: Wed Aug 10, 2022 7:54 am I haven't read the thread, but I have searched it for the phrase "open banking" and not seen it mentioned. This is something that I have, in Europe, and a quick google seems to indicate that it's not an unheard of concept in the USA, but I don't know the status of it there. Anyway, it allows me to give an aggregator/third party access to my accounts, without giving them my passwords. This access can be read-only, or it could include the ability to perform transactions, if the aggregator has functionality that requires that, but so far I've not seen a need for the latter. For the time being I'm only able to aggregate bank and credit card accounts, but in future I think access to brokerage accounts will be available.

Could be something to look into the status of, for those of you in the USA.

Edit: Obviously all the security concerns people above have will have been addressed in implementing this. This is not something banks have all done voluntarily, government has created this by regulation, requiring banks to offer API access, and government regulators determine who can be third parties.
We still live in the world of mid-20th century banking; we still use little pieces of paper with our signature on it to transfer money. We are making progress, though. We can take pictures of these little pieces of paper and send them to our banks to deposit the money.

I think open banking may be a step to far ahead for us.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mptfan »

Bh1984 wrote: Tue Aug 09, 2022 9:35 pm I think it's all comical how people say no they wouldn't do this yet browsers have stored passwords, computers don't have encryption turned on, accounts don't have MFA.
Perhaps that is true for some people, but not for me, my browser does not have stored passwords and my accounts have MFA. I suspect most of the people who say no are more security conscious than most.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mptfan »

jebmke wrote: Wed Aug 10, 2022 8:10 am We still live in the world of mid-20th century banking; we still use little pieces of paper with our signature on it to transfer money. We are making progress, though. We can take pictures of these little pieces of paper and send them to our banks to deposit the money.
The use of those little pieces of paper is also going down dramatically. Years ago I wrote checks to pay all of my bills, but now I pay virtually all my bills electronically. Also I think most people are paid by direct deposit now instead of checks.
Nowizard
Posts: 4839
Joined: Tue Oct 23, 2007 5:33 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Nowizard »

Who you gonna believe, others or yourself? Some situations support either approach but you are the one who lives with the choice. Given your wording of concern, what are the reasons that would lead you to use Personal Capital? Neither here nor there, but add my name to the "no" camp.

Tim
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jebmke »

mptfan wrote: Wed Aug 10, 2022 8:13 am
jebmke wrote: Wed Aug 10, 2022 8:10 am We still live in the world of mid-20th century banking; we still use little pieces of paper with our signature on it to transfer money. We are making progress, though. We can take pictures of these little pieces of paper and send them to our banks to deposit the money.
The use of those little pieces of paper is also going down dramatically. Years ago I wrote checks to pay all of my bills, but now I pay virtually all my bills electronically. Also I think most people are paid by direct deposit now instead of checks.
I do too (bill pay) but for many of them, the bank issues a check. Still not very many payees are taking eft. Ironically, the fastest adopters have been some of my local service providers. The landscape/grass cutter and the guy who does turf treatment both use Quicken billing that I can pay with a credit card.

Twenty years ago when I lived in Europe, 100% of my payments were electronic, most real-time (ie. ~ 30 minutes or less). At my company, we only accepted EFT from customers (except for a few instances where we would take drafts which are similar but not identical to checks). The US has a very long way to go.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by H-Town »

mptfan wrote: Wed Aug 10, 2022 8:13 am
jebmke wrote: Wed Aug 10, 2022 8:10 am We still live in the world of mid-20th century banking; we still use little pieces of paper with our signature on it to transfer money. We are making progress, though. We can take pictures of these little pieces of paper and send them to our banks to deposit the money.
The use of those little pieces of paper is also going down dramatically. Years ago I wrote checks to pay all of my bills, but now I pay virtually all my bills electronically. Also I think most people are paid by direct deposit now instead of checks.
I haven't written a check for many years. I use bank bill pay as well. But I know bank will send a papercheck. I just don't know if that check contains the account number and account routing from my checking. Regardless I keep a very minimal balance in my checking account after all bills are paid. So the exposure is not high.
Time is the ultimate currency.
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by H-Town »

PicassoSparks wrote: Tue Aug 09, 2022 7:26 pm
H-Town wrote: Tue Aug 09, 2022 6:50 pm To those people who said "No" to PC, I have a couple of questions:
1) When you use TurboTax to import trades / 1099-B, do you enter the user ID and password?
I don’t do this.

2) When you link your accounts, many banks use plaid to connect the accounts. Do you use enter user ID and password? PC used the same plaid connection that are used widely in the bank industry.
I don’t use Plaid for the same reason I wouldn’t use PC.

3) For those who use password managers or browser password manager (Chrome, Safari, iCloud chain), how confident are you with your password saved to the cloud? Remember iCloud can be hacked. Remember celebrities pictures on iCloud have been hacked before?
iCloud was not hacked in the celebrity attack. The celebrity accounts were compromised via a phishing attack or guessed passwords, which is exactly the reason that I will not give my banking password to PC or Plaid. The more places that know my credentials, the more risk of them being stolen. I am confident in the security of iCloud Keychain. I do not use third party password managers. I do not use other browsers for banking.

4) When you type in your userID and password, how confident are you that your laptop does not have a keylogger? If you browse internet regularly, there is a good chance to you run into some malicious websites.
I am confident that I do not have a keylogger on my machine. I do not download software from random websites.

If I am wrong about Apple’s security, I will be in trouble.
I'm very encouraging to hear many posters here do it right when it comes to cyber security and protecting their assets. Props to bogleheads.

I think that next step is protecting ourselves from social hacking and other types of threat.

1) Do you have social media (facebook, twitter, instagram, etc.) that share your birthday, where do you live, where do you work, pictures of you, friends, and family, where and when you go on vacation, what car do you drive, how much wealth do you have, etc. This is the wealth of information that hackers/robbers can harvest and plan their attack.

2) Do you have expensive premium car park on the driveway?

3) Do you have to dress up with jewelries and nice car when you go out?

4) Do you leave your laptop in the car or in the hotel room?

5) Do your friends, family members, acquaintances, contractors, maids, etc. know how much money you have?

6) Do you pick up a phone and continue a conversation when the other line tells you that he or she is calling from a bank/brokerage firm/financial institution/cell phone company?
Last edited by H-Town on Wed Aug 10, 2022 9:08 am, edited 2 times in total.
Time is the ultimate currency.
User avatar
Wiggums
Posts: 7050
Joined: Thu Jan 31, 2019 7:02 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Wiggums »

Bammerman wrote: Tue Aug 09, 2022 2:25 pm I'd like to try using Personal Capital, but a lifetime of protecting my passwords keeps me from trying PC out. I've read all their stuff about how well protected their security is and I have no reason to doubt it, but I just can't take that last step into space. Curious if anyone else has had, or is having, this difficulty, and how you handled it.
As a IT security specialist for 32 years, I would never give my brokerage account logon credentials to anyone. Account aggregators are convenient, but the security design is horrible. In addition, any changes to the broker logon requirements will usually break the aggregator. I use the simple spreadsheet and I deliberately limit the number of accounts that I open.
"I started with nothing and I still have most of it left."
User avatar
1hotjava
Posts: 111
Joined: Mon Dec 20, 2021 8:09 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by 1hotjava »

The part that stopped me from trying PC was the whole linking accounts. You cant even try anything in it without linking an account. Not that I have a huge problem linking accounts, after all I have that with YNAB via Plaid (and that is the only one I have linked, and its not linked to my brokerage accounts), but what If I don't like PC? I've tried so many tools in the past that I just didn't like and figured I don't need one more instance of personal information floating about for something I may not even use.
Last edited by 1hotjava on Wed Aug 10, 2022 9:15 am, edited 1 time in total.
- Paul | Kansas City | "Dont look for the needle in the haystack, just buy the haystack" -Bogle
Bogle-007
Posts: 466
Joined: Mon Jun 20, 2016 5:49 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Bogle-007 »

Anyone consider that being able to conveniently glance at your entire portfolio daily in the aggregator is a nice security *precaution* that would quickly make you aware of anything funky going on?
User avatar
Wiggums
Posts: 7050
Joined: Thu Jan 31, 2019 7:02 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Wiggums »

PicassoSparks wrote: Wed Aug 10, 2022 2:30 am
Bh1984 wrote: Tue Aug 09, 2022 9:35 pm I think it's all comical how people say no they wouldn't do this yet browsers have stored passwords,
Since you work in this space and know so much about it: Can you explain the risks of storing passwords in the browser as compared to sharing them with a third party service? What are the threat models you see in each case? How are they similar?
I don’t store passwords in the browser, but there is a difference between a locally stored password on an encrypted drive in your possession versus one given to a 3rd party to store in their database to be used by their automated scripts.
"I started with nothing and I still have most of it left."
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by H-Town »

NewbieBogle007 wrote: Wed Aug 10, 2022 9:14 am Anyone consider that being able to conveniently glance at your entire portfolio daily in the aggregator is a nice security *precaution* that would quickly make you aware of anything funky going on?
It sounds like a good idea, but it could be a little too late? A better way is to set up notification alert to your email and text message when anything happened to your account (transfer, trade order, changes of account settings, etc.). You can catch it before the money goes out of your account.
Time is the ultimate currency.
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jebmke »

NewbieBogle007 wrote: Wed Aug 10, 2022 9:14 am Anyone consider that being able to conveniently glance at your entire portfolio daily in the aggregator is a nice security *precaution* that would quickly make you aware of anything funky going on?
I realized years ago that having funds spread around in a complex manner was a risk so I went on a simplification binge. First step was to move all the assets to one custodian. Then I started trimming a lot of holdings on an opportunistic basis. Some got dumped in a DAF in 2007 when my tax rate was very high. Others got dumped in the great TLH of 2008-09. I still have a few "remnants" that will get dumped in my DAF when my tax rate goes back up or the DAF starts to look depleted.

edit: I should note that the "risk" I am referring to above was the risk of having a portfolio that wasn't matching my goals, not the risk of account hack. All the bits and pieces were in too many places and weren't adding any value.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Lastrun
Posts: 1512
Joined: Wed May 03, 2017 6:46 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Lastrun »

In the past I used Personal Capital by just manually entering the data and updating it every quarter. This was just the portfolio information, not checking and credit cards. So this is at lease possible to do to see asset allocation and drill down on holdings. I stopped it though, mostly because Quicken, while not a sexy, has similar information on portfolio holdings. I also manually enter into Quicken or download data into it.
yog
Posts: 659
Joined: Wed Jan 15, 2020 11:57 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by yog »

VictorStarr wrote: Tue Aug 09, 2022 11:11 pm
JoMoney wrote: Tue Aug 09, 2022 10:05 pm
Fidelity Customer Protection Guarantee wrote: https://www.fidelity.com/security/custo ... -guarantee
...
What must I do to protect my accounts?
Never share your account access information, including username, password and answers to security questions, with anyone. ...
The same for Schwab, from their Security Guarantee (https://www.schwab.com/schwabsafe/security-guarantee)
Please do not share your account access information, including but not limited to your login ID, password, PIN and transaction codes, with anyone. If you share this information with anyone, we will consider their activities to have been authorized by you.
Schwab position on sharing is very clear.
LOL.

https://www.fidelity.com/security/fidel ... a-security
mr_brightside
Posts: 897
Joined: Sat Oct 17, 2020 3:23 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mr_brightside »

what could possibly go wrong ??

------------------------------------------------------
User avatar
VictorStarr
Posts: 746
Joined: Sat Jan 04, 2020 9:13 pm
Location: Washington

Re: Too nervous about giving up my passwords to use Personal Capital

Post by VictorStarr »

yog wrote: Wed Aug 10, 2022 10:36 am
VictorStarr wrote: Tue Aug 09, 2022 11:11 pm
JoMoney wrote: Tue Aug 09, 2022 10:05 pm
Fidelity Customer Protection Guarantee wrote: https://www.fidelity.com/security/custo ... -guarantee
...
What must I do to protect my accounts?
Never share your account access information, including username, password and answers to security questions, with anyone. ...
The same for Schwab, from their Security Guarantee (https://www.schwab.com/schwabsafe/security-guarantee)
Please do not share your account access information, including but not limited to your login ID, password, PIN and transaction codes, with anyone. If you share this information with anyone, we will consider their activities to have been authorized by you.
Schwab position on sharing is very clear.
LOL.

https://www.fidelity.com/security/fidel ... a-security
From "Fidelity Access":

The benefits of Fidelity Access

More secure: Eliminates the need for you to share your Fidelity login information
Better control: Enables you to view, change, or remove permission for sharing account data at any time
Enables innovation: Lets you access secure data sharing based on open technology standards
yog
Posts: 659
Joined: Wed Jan 15, 2020 11:57 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by yog »

VictorStarr wrote: Wed Aug 10, 2022 10:49 am
yog wrote: Wed Aug 10, 2022 10:36 am
VictorStarr wrote: Tue Aug 09, 2022 11:11 pm
JoMoney wrote: Tue Aug 09, 2022 10:05 pm
Fidelity Customer Protection Guarantee wrote: https://www.fidelity.com/security/custo ... -guarantee
...
What must I do to protect my accounts?
Never share your account access information, including username, password and answers to security questions, with anyone. ...
The same for Schwab, from their Security Guarantee (https://www.schwab.com/schwabsafe/security-guarantee)
Please do not share your account access information, including but not limited to your login ID, password, PIN and transaction codes, with anyone. If you share this information with anyone, we will consider their activities to have been authorized by you.
Schwab position on sharing is very clear.
LOL.

https://www.fidelity.com/security/fidel ... a-security
From "Fidelity Access":

The benefits of Fidelity Access

More secure: Eliminates the need for you to share your Fidelity login information
Better control: Enables you to view, change, or remove permission for sharing account data at any time
Enables innovation: Lets you access secure data sharing based on open technology standards
Everyone is free to do what they want. Just understand the landscape:
https://www.businesswire.com/news/home/ ... Their-Data
https://riabiz.com/a/2020/5/29/tired-of ... eaner-data
https://akoya.com
https://akoya.com/about
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mptfan »

jebmke wrote: Wed Aug 10, 2022 8:24 am I do too (bill pay) but for many of them, the bank issues a check. Still not very many payees are taking eft.
I don't use bill pay, I am referring to paying my credit cards and utilities directly with the provider by providing my bank account and paying directly using ACH. None of my monthly payments involve a physical check.
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Too nervous about giving up my passwords to use Personal Capital

Post by jebmke »

mptfan wrote: Wed Aug 10, 2022 11:13 am
jebmke wrote: Wed Aug 10, 2022 8:24 am I do too (bill pay) but for many of them, the bank issues a check. Still not very many payees are taking eft.
I don't use bill pay, I am referring to paying my credit cards and utilities directly with the provider by providing my bank account and paying directly using ACH. None of my monthly payments involve a physical check.
I would like to do that but some of ours don't accept CCs. Semi-rural area. Even some of the restaurants didn't take CCs until the pandemic hit.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mptfan »

jebmke wrote: Wed Aug 10, 2022 11:22 am
mptfan wrote: Wed Aug 10, 2022 11:13 am
jebmke wrote: Wed Aug 10, 2022 8:24 am I do too (bill pay) but for many of them, the bank issues a check. Still not very many payees are taking eft.
I don't use bill pay, I am referring to paying my credit cards and utilities directly with the provider by providing my bank account and paying directly using ACH. None of my monthly payments involve a physical check.
I would like to do that but some of ours don't accept CCs. Semi-rural area. Even some of the restaurants didn't take CCs until the pandemic hit.
I am not referring to credit cards either, I am referring to paying directly with the utility or credit card provider using my bank account.
firefox
Posts: 99
Joined: Tue Apr 05, 2022 8:26 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by firefox »

I would like to know what is the panic about. PC has read only access to your account( I asked their tech support). They can see your accounts but can't do anything to them. And for any retirement account which many of us have the high dollars in can't be withdrawn or rolled over without your spousal consent. That is a form of extra layer of security if you are married.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mptfan »

firefox wrote: Wed Aug 10, 2022 8:41 pmAnd for any retirement account which many of us have the high dollars in can't be withdrawn or rolled over without your spousal consent. That is a form of extra layer of security if you are married.
This is not always true. Spousal consent only applies to qualified retirement accounts administered by employers that are regulated by ERISA. Withdrawals from most IRAs, including traditional and Roth IRAs do not require spousal consent. And, needless to say, none of this applies to unmarried people.

https://www.lordabbett.com/en/strategie ... rules.html
Gaston
Posts: 1220
Joined: Wed Aug 21, 2013 7:12 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Gaston »

OpenMinded1 wrote: Tue Aug 09, 2022 9:31 pm Nope, not doin' it. Never will.
Good for you.

If you give your login credentials to a third party, then you take on a risk, no matter what promises or guarantees the 3rd party gives you.
“My opinions are just that - opinions.”
User avatar
mmse
Posts: 122
Joined: Sun Mar 01, 2015 11:18 am
Location: California

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mmse »

firefox wrote: Wed Aug 10, 2022 8:41 pm PC has read only access to your account( I asked their tech support). They can see your accounts but can't do anything to them.
Could you please elaborate why what they had said convinced you? Did you or did you not provide the user name and password to any of you bank/financial accounts? If you did, what makes you believe what their tech support rep says/thinks?
JBTX
Posts: 11227
Joined: Wed Jul 26, 2017 12:46 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by JBTX »

mmse wrote: Wed Aug 10, 2022 9:09 pm
firefox wrote: Wed Aug 10, 2022 8:41 pm PC has read only access to your account( I asked their tech support). They can see your accounts but can't do anything to them.
Could you please elaborate why what they had said convinced you? Did you or did you not provide the user name and password to any of you bank/financial accounts? If you did, what makes you believe what their tech support rep says/thinks?
I think that is standard procedure, the financial institutions provide a read only back door that allows access to information. This is why most of the time accounts can update without 2fa, although some institutions require 2fa for the aggregator also.

https://krebsonsecurity.com/2019/11/ncr ... ver-storm/


In this instance, crooks exploited the backdoor as a way to go in and read only view accounts, to figure out which ones were worth targeting. They likely got into the backdoor by entering IDs and accounts that users reused from other previously hacked sites. Thus the aggregator backdoor could be used against somebody, regardless of whether they use an aggregator, but only if their password was reused or easily guessed.

The theoretical risk generally called out around here is that an ID and password is stored by third party aggregator and then aggregator gets hacked. I haven’t ever heard that has happened but I guess it doesn’t mean it hasn’t.

As mitigating factors, many financial institutions pull the ID and password directly from the financial software, encrypted, and the aggregator never has the ability to see that information. The aggregator only facilitates the communication.

I wouldn’t be terribly concerned about credit card accounts.

I’d be most concerned about banks with material amounts and brokerages. To the extent the institution has 2fa, even if somebody has ID and PW they still can’t get in.

There are lots of posts speculating that use of aggregators violate terms of service or essentially void consumer protections, but at the same time these companies are working with the aggregators and coordinating electronic coding, communication and presumably enabling them, so it would seem a weak defense, disclaiming liability due to the incompetence of your business partner.

Having said that, there probably is some theoretical exposure there. Nothing is risk free. Offsetting that is the convenience of these tools and their ability to allow you to more easily update and view all of your accounts on a more frequent basis which is a form of protection in itself.
Northern Flicker
Posts: 15363
Joined: Fri Apr 10, 2015 12:29 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Northern Flicker »

Bammerman wrote: Tue Aug 09, 2022 2:25 pm I'd like to try using Personal Capital, but a lifetime of protecting my passwords keeps me from trying PC out. I've read all their stuff about how well protected their security is and I have no reason to doubt it, but I just can't take that last step into space. Curious if anyone else has had, or is having, this difficulty, and how you handled it.
I will not use a 3rd party service that requires my passwords to financial accounts. Hard pass.
Northern Flicker
Posts: 15363
Joined: Fri Apr 10, 2015 12:29 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Northern Flicker »

firefox wrote: Wed Aug 10, 2022 8:41 pm I would like to know what is the panic about. PC has read only access to your account( I asked their tech support). They can see your accounts but can't do anything to them. And for any retirement account which many of us have the high dollars in can't be withdrawn or rolled over without your spousal consent. That is a form of extra layer of security if you are married.
Do your financial providers offer separate login credentials for your financial accounts that provide a read only access account for the financial account? How do I get that? It would be useful to have.

I assume that does not exist, and PC has full access to your account, but provides a read only view in their system. Without such a separate read-only login to your financial providers, they still would have login credentials in their possession sufficient to modify your financial accounts.
tibbitts
Posts: 23716
Joined: Tue Feb 27, 2007 5:50 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by tibbitts »

HoberMallow wrote: Tue Aug 09, 2022 8:14 pm
mmse wrote: Tue Aug 09, 2022 6:13 pm
Bammerman wrote: Tue Aug 09, 2022 2:25 pm I'd like to try using Personal Capital, but a lifetime of protecting my passwords keeps me from trying PC out. I've read all their stuff about how well protected their security is and I have no reason to doubt it, but I just can't take that last step into space. Curious if anyone else has had, or is having, this difficulty, and how you handled it.
This is likely to violate a provision in the bank online agreement that prohibits disclosure of the online credentials to 3rd parties. This would likely shift responsibility for fraudulent transactions from the bank to the client. This is the main reason I would never use an aggregator.
Absolutely. Here's the relevant section from Vanguard's "security promise:"
Vanguard wrote: We’ll reimburse you the amount taken from your Vanguard account in an unauthorized online transaction on vanguard.com if you’ve followed the steps described in the Your responsibilities section below.

You should be aware of the risks of sharing your account information: If you share your vanguard.com user name and password, or if you allow someone to access your account information, activities performed with your shared or accessed credentials or information may be considered authorized.
In other words, if you share your password and money is stolen from your account as a result, don't expect Vanguard to reimburse you.
Vanguard still provides and has encouraged customers (at least in the past) to use both generations of its aggregation service (most recently provided by Yodlee), so it would be sort of ironic if they objected to you sharing credentials with such a service.
User avatar
typical.investor
Posts: 5263
Joined: Mon Jun 11, 2018 3:17 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by typical.investor »

Hockey10 wrote: Wed Aug 10, 2022 6:39 am My problem with PC is that their customer service has declined. One of my credit cards has not updated correctly in PC for 5 months. One of my checking accounts has not updated in 3 weeks. I fill out the online help form and they claim they are working on it, but the timeframe for problem resolution is getting longer and longer.
I use Schwab's aggregator and have similar trouble except I fixed it by:

1) making sure I was enrolled with mobile banking. Why I can't explain although Schwab gave me a message about making sure I had a telephone number registered. I did but then turned on mobile banking, and it worked.

2) logged on to an annuity (which I never look at otherwise) and saw there was a new terms of service you had to agree to. I agreed and it works.

Not everything is the aggregators fault.

It's happened a few times too that I needed to re-enter the password. It's the same one they already had but perhaps it got a new security token or something when I did.
EnerJi
Posts: 163
Joined: Fri May 27, 2016 5:03 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by EnerJi »

cjking wrote: Wed Aug 10, 2022 7:54 am I haven't read the thread, but I have searched it for the phrase "open banking" and not seen it mentioned. This is something that I have, in Europe, and a quick google seems to indicate that it's not an unheard of concept in the USA, but I don't know the status of it there.
It's not a term that has entered the common consumer lexicon in the US, but it is used within the industry (e.g. Yodlee, Plaid) and the technology that it describes is beginning to proliferate, at least among the large financial institutions (FIs). It is not (yet) mandated by regulators, so there will be a long tail of smaller FIs who do not support it for many years to come.

For my part, I don't use Personal Capital but the risk is zero for customers who exclusively bank with the large FIs which have implemented API integration with the major aggregators.
mhalley
Posts: 10432
Joined: Tue Nov 20, 2007 5:02 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mhalley »

Wouldn't the fact that all of the major brokerages have aggregators of their own go against them saying that aggregators are tools of the devil and only an idiot would use one? Fidelity Full view, Vanguard Portfolio watch, etc?
User avatar
typical.investor
Posts: 5263
Joined: Mon Jun 11, 2018 3:17 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by typical.investor »

mhalley wrote: Thu Aug 11, 2022 1:02 am Wouldn't the fact that all of the major brokerages have aggregators of their own go against them saying that aggregators are tools of the devil and only an idiot would use one? Fidelity Full view, Vanguard Portfolio watch, etc?
Come on, aggregators are safe.

The only issue is if using one would be a hassle if your account got hacked. I can't imaging Vanguard really not protecting your assets because you used a reputable aggregator. It'd be too much reputation risk for them I think to deny coverage. I don't think they'd want to do it.

I can imagine though that it might tie things down a lot longer as they look at the account access records to figure out where the fraud originated.

And if on the odd chance that the aggregator got a hack around the time you got a hack, it could be forever for them to determine if the events were related.
aristotelian
Posts: 12277
Joined: Wed Jan 11, 2017 7:05 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by aristotelian »

I created my own spreadsheet that updates in real time using =Googlefinance commands.
User avatar
squirrel1963
Posts: 1253
Joined: Wed Jun 21, 2017 10:12 am
Location: Portland OR area

Re: Too nervous about giving up my passwords to use Personal Capital

Post by squirrel1963 »

No way I'll ever trust a third party.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
tman9940
Posts: 318
Joined: Tue Aug 11, 2015 11:44 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by tman9940 »

I’m with you. I am tempted to use PC..but there’s just no way in hell I am giving them my passwords to my investment and bank accounts. And their security is probably top notch. But the risk outweighs the benefit of using PC, in my opinion. I’m doing just fine without using it.
OatmealAddict
Posts: 1195
Joined: Fri Sep 27, 2013 4:03 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by OatmealAddict »

I guess it's funny, because I'm typically a pretty risk-adverse person, but between using multi-factor authentication on my accounts and the incredible value provided by aggregators like Personal Capital, I have very little concern regarding their use. I've actually used Personal Capital on a daily basis for the better part of five years now (after being a LONG-time Mint user) and absolutely love it.

I would add that I'm in IT and have a loose, but good enough, understanding of the technologies used. I can totally see how others, especially without that base technology knowledge, would balk at using these services because it does introduce an element of risk - there's no denying that. For me though, the reward greatly outweighs the negligible risk.
Zambeezy
Posts: 35
Joined: Thu Jun 16, 2022 4:49 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Zambeezy »

This is a great post if for no other reason than it perfectly illustrates where the average Bogleheads forum member deviates significantly from myself and many other younger professionals pursuing financial excellence.

I am absolutely not implying that Personal Capital/Mint/etc. are 100% safe and there is 0% chance of anything ever happening to your accounts...but the absolute fearmongering evident in many of the comments makes me think you guys should never leave your house or even get out of bed if you're that absolutely terrified of what could happen.

If PC/Mint/etc. would provide value to you, use it.
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by H-Town »

Zambeezy wrote: Thu Aug 11, 2022 9:55 am This is a great post if for no other reason than it perfectly illustrates where the average Bogleheads forum member deviates significantly from myself and many other younger professionals pursuing financial excellence.

I am absolutely not implying that Personal Capital/Mint/etc. are 100% safe and there is 0% chance of anything ever happening to your accounts...but the absolute fearmongering evident in many of the comments makes me think you guys should never leave your house or even get out of bed if you're that absolutely terrified of what could happen.

If PC/Mint/etc. would provide value to you, use it.
This is the first time I saw the term "financial excellence".

But this isn't the first time I saw a person is so confident to make absolute statement using 100% safe or 0% chance of anything. It sounds like the exact opposite spectrum of the people who won't get out of bed. It's fine to say that the risk is minimal and you are comfortable with such risk.
Time is the ultimate currency.
Morik
Posts: 1344
Joined: Tue Nov 25, 2014 11:26 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by Morik »

I use PC and have for years with no issues.
I work in software professionally, though not in the security domain. I don't have any significant security concerns with PC.

I use them to get all my transactions in one place when I'm updating my portfolio management spreadsheet. This shows dividends/payroll contributions to 401k/etc all in one place.
MadAsgardian
Posts: 89
Joined: Sun Mar 21, 2021 5:35 am

Re: Too nervous about giving up my passwords to use Personal Capital

Post by MadAsgardian »

squirrel1963 wrote: Thu Aug 11, 2022 2:03 am No way I'll ever trust a third party.
You’re trusting your ISP (and several others) to protect your login details.
User avatar
mmse
Posts: 122
Joined: Sun Mar 01, 2015 11:18 am
Location: California

Re: Too nervous about giving up my passwords to use Personal Capital

Post by mmse »

The number of people who supposedly give their banking credentials to 3rd parties is surprising. While somewhat sad, I suppose, the upside is that I may not be the "lowest hanging fruit". They say that to escape a bear, one does not need to run faster than a bear, just faster than another guy.
AlwaysLearningMore
Posts: 1934
Joined: Sun Jul 26, 2020 2:29 pm

Re: Too nervous about giving up my passwords to use Personal Capital

Post by AlwaysLearningMore »

H-Town wrote: Tue Aug 09, 2022 6:50 pm To those people who said "No" to PC, I have a couple of questions:

1) When you use TurboTax to import trades / 1099-B, do you enter the user ID and password?
Don't use TurboTax. Work with a CPA instead. I trust her more.

2) When you link your accounts, many banks use plaid to connect the accounts. Do you use enter user ID and password? PC used the same plaid connection that are used widely in the bank industry.
Don't do this. The banks don't need to know my passwords, either.

3) For those who use password managers or browser password manager (Chrome, Safari, iCloud chain), how confident are you with your password saved to the cloud? Remember iCloud can be hacked. Remember celebrities pictures on iCloud have been hacked before?
Have never, and have no intention of ever, used a password manager.

4) When you type in your userID and password, how confident are you that your laptop does not have a keylogger? If you browse internet regularly, there is a good chance to you run into some malicious websites.
Only access financial institutions from my desktop computer. Multiple layers of protection from spyware, malware, etc. Along with 2FA.

I'm just curious what people think.
Retirement is best when you have a lot to live on, and a lot to live for. * None of what I post is investment advice.* | FIRE'd July 2023
Post Reply