Mint and similar websites

Not open for further replies.
Mar 21, 2004
Near the beach in Delaware
How comfortable are people giving Mint and similar websites the passwords for all your banking websites? I use LASTPASS and it has all my passwords stored, but they are encrypted on my computer with my encryption key so whatever LASTPASS has on their server is useless to LASTPASS employees or others. While Mint could encrypt it on their website when they store it, it has to be unencrypted for them to use it. Not sure the advantages outweigh the security risks.
I have mine stored on a old small sized thumb drive and printed out a complete listing. For an off site storage would store the file using some off line encryption like that offered with 7-Zip in case the house burns down, etc. Just don't forget the password that you used in Z-Zip.
I've been giving this some thought also; I'd rather not use a remote location pw management service. I've decided to use KeePassX on my local machine and my work site as a remote storage location. In a demonstration of pure paranoia, I have installed a VirtualBox instance of LinuxLite, loaded keepassx and then removed the networking portion of the VirtualBox OS, perfectly sandboxing my keepassx on something with no internet access.
I know a lot of people who have been using Mint for years and love it. It really is great, but I'm not comfortable putting all my login information in one place like that. Don't get me wrong, Mint is a trusted resource, and I'm sure they encrypt and properly secure all your login information. I have no reason to doubt that they are taking all the necessary precautions to secure everything, but I'm still not comfortable trusting them with all my financial login information.
If you're using strong passwords, you really have nothing to worry about. Anyone who does break in is going to try and brute-force the easiest ones like "12345" and "password".
I have all 20 - 30 character unique passwords all managed by LASTPASS. But I also assume that passwords or accounts will be compromised. So I have a few credit cards and never use the debit card linked to the checking account where my paycheck goes into. And if I use that card for ATM, its at one of that banks ATMs. Mint just seems like too many people in one place. Sophisticated hackers use some form of phishing to obtain initial access, then go from there. I doubt too many use brute force.
Not open for further replies.