Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Imagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Saturday, December 27, 2008

Financial websites - why not read-only access?

I've been thinking about switching from Quicken on my PC, to a web-based financial tracking site.

Something like
  • Quicken Online - lousy features compared to Quicken PC, mainly for beginners
  • Yodlee MoneyCenter
  • Mint - apparently professional, but a bit fascist, doesn't make it easy to have user defined categories
  • Wesabe - emphasizing social networking

There are many, many, others.

Motivation:

  • I have too many computers. I want to be able to access from work, and from home, and from my phone, and...
  • I'm tired of having to re-set things up when I switch PCs. And, no, the migration tool seldom works, usually because I can't power up the dead machine to migrate from.
  • I want my wife and me to be able to simultaneously access
  • Basically, I have just about given up on having a personal computer. Or is that "a single personal computer". If my company IT allowed me to use my personal machine at work, then maybe; but they don't, so I am being pushed away from the PC-centric model to the web-centric model.

The security implications are scary: one website, with access to all of your passwords and accounts for other financial websites.

Wesabe makes a point of its security model: apparently they store the passwords, etc., on your PC, and never put the passwords onto their server. I imagine they run some client side code that accesses your other financial sites, and then filters it to upload to Wesabe.

  • But, then Wesabe may not allow the sort of ubiquitous access I desire. Does it?

Mint emphasizes that their access to your financial data is read-only. They also emphasize that the actual passwords, etc., are stored, not at the Mint site, but at Yodlee - which apparently provides such services to many banks already.

  • One poster points out that this is all well and good, but if the hacker is inside Mint or Yodlee, then... Well, this poster says that they should at least be bonded to indemnify the user against that risk.
  • Wesabe says they developed their own screen-scraping approach to accessing financial websites, in part to allow them to be free as long as possible, and not to have to pay fees to Yodlee.

OK, okay, so security is an issue.

So, the thought occurs to me: why can't I give these "aggregating" sites like Mint and Wesabe read-only access to my other financial websites? Read-only access to my bank, my 401K, etc.?

Most of the things that I want to do on such a site are read-only - track my investments, look at my asset allocation and ensure that it is balanced across all of my investment accounts at different sites, etc.

I'm reasonably happy NOT to be allowed to make changes to my investments from the central site - to have to log in to my stockbroker or 401K site separately.

Sure, even read-only access to my various financial account websites would be a treasure trove for the ID thief. Account numbers, maybe even SSNs (although one might hope those could be filtered out). Things that a social engineering attacker could use on the customer support phone line. Nevertheless, such read-only access would be a lot less risky than allowing read-write access, with the ability to change mailing addresses, etc.

Trouble is, all of my financial services web accounts give me one account login, and one password, that provides full access to the entire account.

It seems that this could be changed... Let's start writing letters...

---

This is just yet another example of the Principle of Least Privilege. Of how it should be possible to split a particular security role into smaller pieces.
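The split proposed above, sketched as an added example (not from the original post, and not a description of how any of the sites or banks named here work): a hypothetical bank issues signed credentials that carry scopes, so the credential handed to an aggregator can read balances but cannot change the mailing address, and the SSN is filtered from its view. The token format, function names and sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: one account held at a hypothetical bank.
SERVER_KEY = b"constructed-demo-key"   # bank-side signing key (sample value)
ACCOUNT = {"owner": "alice", "balance": 1250.00,
           "ssn": "000-00-0000", "mailing_address": "1 Old Street"}

# Each operation names the scope it requires; state changes need "write".
REQUIRED_SCOPE = {"get_account": "read", "change_address": "write"}
# Fields withheld from any credential that lacks "write" (the aggregator's).
SENSITIVE_FIELDS = {"ssn"}


def mint_token(holder, scopes):
    """Bank issues a signed credential limited to the listed scopes."""
    body = json.dumps({"holder": holder, "scopes": sorted(scopes)}, sort_keys=True)
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_token(token):
    """Return the token's claims, or raise if the signature does not match."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("bad signature")
    return json.loads(body)


def handle(token, operation, **args):
    """Authorize one request against the scopes carried by the token."""
    scopes = set(verify_token(token)["scopes"])
    required = REQUIRED_SCOPE.get(operation)   # unknown operations are denied
    if required is None or required not in scopes:
        raise PermissionError(f"{operation} denied for scopes {sorted(scopes)}")
    if operation == "change_address":
        ACCOUNT["mailing_address"] = args["new_address"]
        return {"mailing_address": ACCOUNT["mailing_address"]}
    # Read path: redact sensitive fields unless the caller also holds "write".
    hidden = set() if "write" in scopes else SENSITIVE_FIELDS
    return {k: v for k, v in ACCOUNT.items() if k not in hidden}


OWNER_TOKEN = mint_token("alice", {"read", "write"})
AGGREGATOR_TOKEN = mint_token("aggregator", {"read"})  # given to the aggregator
```

A stolen aggregator credential in this sketch still exposes balances, which is the residual risk the post describes; what it removes is the ability to alter the account.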

I switched the site that I keep my resume and CV on to Google Docs: http://docs.google.com/View?docid=dcxddbtr_6dvpxg2cj

Hitherto it was on geocities. I have left the geocities site around, with forwarding: http://www.geocities.com/andrew_f_glew, but I will no longer update it. Actually, I haven't updated it in years, since it was too painful.

It's a little bit sad. The Geocities/Yahoo site gives me reasonable URLs, while the Google site gives me ugly, gobbledygook, URLs. But the Google site is much easier to use for me, the content creator.

Also, the annoyance: I retargeted links from my LinkedIn pages, but there will probably be other stale links around that I will not retarget.

---

More annoyance: as I say above, I had not updated the Geocities site in years. And, apparently, I had not read any email at the corresponding yahoo account in years. I had completely forgotten about it.

Yahoo won't let me forward email as it comes in, or use POP, or even bulk forward a mass of email - so the email accumulated there will moulder. Pity - I saw some email from friends I had fallen out of touch with.

But at least Yahoo allowed me to put a vacation message on it. Although I will have to remember to extend the vacation once every few years.

Moral: don't use a web based service, such as a webhost or webmail, unless you can automate getting your data off.

Hmm... how hard is it to download all of my Google data? Mail? Blogs? Docs?