How secure is YNAB?
October 16, 2016 5:23 AM Subscribe
I abandoned Mint after a programmer friend told me that if your bank account is compromised, and you've ever given your password to a third party, the bank can call the breach your fault and you're out of luck. Does You Need A Budget have the same problem?
That's about it. We'd like to try YNAB for getting our household finances in order, but I'm concerned that giving our PW to YNAB might mean that, in the event one's account is broken into, the bank will say "not our fault" and wash their hands of the mess. Is that the case with YNAB too? Mint wasn't really working for me anyway.
(And I believe that there is an old and new version of YNAB, one in which you download the relevant info [more secure] and a new one in which it's downloaded automatically [less secure.] is that the case?)
That's about it. We'd like to try YNAB for getting our household finances in order, but I'm concerned that giving our PW to YNAB might mean that, in the event one's account is broken into, the bank will say "not our fault" and wash their hands of the mess. Is that the case with YNAB too? Mint wasn't really working for me anyway.
(And I believe that there is an old and new version of YNAB, one in which you download the relevant info [more secure] and a new one in which it's downloaded automatically [less secure.] is that the case?)
I use the old/classic YNAB, and it has no interface with my bank. I manually download transactions from my bank, save them locally, and import them.
posted by hijinx at 6:13 AM on October 16, 2016 [5 favorites]
posted by hijinx at 6:13 AM on October 16, 2016 [5 favorites]
I am a huge YNAB fan. I used the “old” version for years and just switched to the new one. While the new version has the option to allow the software to log in to your bank accounts to reconcile balances, it is absolutely NOT required. In fact, I find manually reconciling accounts every week or two keeps my budget much more accurate.
You should be aware, though, that YNAB is quite different from Mint; it incorporates a specific budgeting philosophy and set of techniques.
I love the YNAB “method” and it has utterly improved my financial life, but it isn’t for everyone.
posted by dickyvibe at 6:15 AM on October 16, 2016 [4 favorites]
You should be aware, though, that YNAB is quite different from Mint; it incorporates a specific budgeting philosophy and set of techniques.
I love the YNAB “method” and it has utterly improved my financial life, but it isn’t for everyone.
posted by dickyvibe at 6:15 AM on October 16, 2016 [4 favorites]
Also a big YNAB fan. You can download transactions from your bank and import them manually into the online version. They say:
Recommended: .OFX or .QFX
Sometimes called Money or Quicken files.
Supported: .QIF
Only use this if a .OFX or .QFX file isn't available.
Not Recommended: .CSV
Only use this option as a last resort.
My credit cards don't offer OFX or QFX statements so I manually enter everything. It works fine. I prefer the new/online version because I can manage my budget either from home or work (or my phone!), I never managed to get on with the old offline version.
posted by corvine at 6:23 AM on October 16, 2016
Recommended: .OFX or .QFX
Sometimes called Money or Quicken files.
Supported: .QIF
Only use this if a .OFX or .QFX file isn't available.
Not Recommended: .CSV
Only use this option as a last resort.
My credit cards don't offer OFX or QFX statements so I manually enter everything. It works fine. I prefer the new/online version because I can manage my budget either from home or work (or my phone!), I never managed to get on with the old offline version.
posted by corvine at 6:23 AM on October 16, 2016
I use the classic version of YNAB, but as dickyvibe says, even with the new version there is no requirement to use the "Direct Import" feature: you can enter your transactions by hand or download a transaction file from your bank's website and import it into YNAB manually. Relevant section of the new YNAB handbook.
posted by Secret Sparrow at 6:24 AM on October 16, 2016
posted by Secret Sparrow at 6:24 AM on October 16, 2016
I believe Mint and YNAB both use the same under-the-hood service for imports (Finicity), so if you're uncomfortable with Mint, you won't want to use the direct import feature in YNAB either.
It's not 100% obvious to me how Finicity handles bank login credentials, but I suspect they do have to store them, since a lot of banks don't seem to have the style of authentication where you can tell Service A that Service B is allowed to access it without ever giving Service B your actual password for Service A.
posted by dorque at 6:28 AM on October 16, 2016 [2 favorites]
It's not 100% obvious to me how Finicity handles bank login credentials, but I suspect they do have to store them, since a lot of banks don't seem to have the style of authentication where you can tell Service A that Service B is allowed to access it without ever giving Service B your actual password for Service A.
posted by dorque at 6:28 AM on October 16, 2016 [2 favorites]
I am a programmer working on a (non-consumer-facing) banking web app. In my work I have learned that many banks have weird requirements about security that reflect old concerns that aren't actually a huge deal any more. As such, if you give your password to Mint or YNAB or your Uncle Jeff, you may be in violation of your bank's online banking TOS and if your money is stolen using your password, they might not consider themselves to be liable.
However! The chances of your money being stolen because you gave your password to Mint or YNAB appear to be pretty low - i.e. it does not seem to have happened to anyone yet, and millions of people have used these services for years.
To me these bank policies are more of a reason to change *banks* than to change third-party budgeting services. Some banks even have special authentication systems that are intended to be used by third-party services (CapitalOne, for example).
posted by mskyle at 7:12 AM on October 16, 2016 [7 favorites]
However! The chances of your money being stolen because you gave your password to Mint or YNAB appear to be pretty low - i.e. it does not seem to have happened to anyone yet, and millions of people have used these services for years.
To me these bank policies are more of a reason to change *banks* than to change third-party budgeting services. Some banks even have special authentication systems that are intended to be used by third-party services (CapitalOne, for example).
posted by mskyle at 7:12 AM on October 16, 2016 [7 favorites]
I had the same concern when testing the new YNAB. A little digging in the customer support section of my banks' websites showed that they both had a place where I could create "read-only" user accounts for sites like YNAB and Mint. I did that and was able to import my transactions without any problems. Even if someone gets ahold of the usernames/passwords there's nothing they can actually do to my accounts.
posted by belladonna at 9:12 AM on October 16, 2016 [1 favorite]
posted by belladonna at 9:12 AM on October 16, 2016 [1 favorite]
« Older Did my gas stove emit carbon monoxide? | Can I leave a good job because I don't have any... Newer »
This thread is closed to new comments.
posted by COD at 6:07 AM on October 16, 2016 [2 favorites]