And speaking of Security – an update on Mint.com

I’d been very happy with them for a long time, stopped really regularly checking up on them for a while, then I get an e-mail. The e-mail says that they’ve updated their authentication system with one of my banks to be more secure and says I’ll need to re-enter my credentials to get Mint.com hooked up again.

“Well,” think I, “that seems like a reasonable request.”

So I go to log into Mint.com, read up on the changes and re-enter my credentials. The thing grinds away for a little while and then says I have to go to my bank and change my settings. I read up on that and I find out that Mint.com is suggesting that I reduce my bank login security so that Mint.com (a free service, which we know by now means they’re selling me as the product to their advertisers) can still work with my bank.

I got a little pissed.

In case that post gets deleted, here’s the text:

You want me to turn off [nagra(ID)] with [my bank]? How about “No.”?
In your I’m having problems with the security challenge when adding my account FAQ, you say that the only solution for customers using [nagra(ID)] is to disable [nagra(ID)]. You (Mint.com) claim to be a security aware company, yet you require that your customers disable the second factor in a fairly secure 2-factor authentication system in order to use your free service? My response is that another suggestion is to stop using Mint.com for a while until you sort your security issues out with [my bank].
I find this suggestion reprehensible. After all, you are making money off of my traffic and interest in finances by selling my attention to folks who want signups for bank accounts, loans, credit cards and other programs. I know this because to me the service is free. So your revenue sources must be the services you “find” for me. Given that I’m the product being sold, are you also selling my gullibility? Hey Product, why don’t you get more valuable by lessening your overall financial security? There’s a good Product.
What is your estimated delivery date on finishing your authentication system that works with [nagra(ID)]? Until then I’ve deleted all the external account information in my Mint account and am on the verge of entirely deleting the Mint.com account too.
It’s so disappointing when folks you decide to trust turn out not to deserve it.