Comment by eastbayjake
2 hours ago
When using a government website, you were intimidated by the security posture of... Plaid? (Genuine question, maybe this was some other provider but Plaid's aggregator tool is the most common place I see this pop up in real life for ACH)
I personally have _no idea_ what the security posture of plaid is. I know they're a startup and made a bit of noise a few years ago, but if I was trying to buy something and a third party app popped up saying, "hey give me total access to withdraw directly from your bank account for a sec", why on earth would I say yes to that?
It also seems to go against common security advice. "Never log into your back account if redirected by a website you sort of, but don't really trust, except sometimes its alright and it's up to you to tell the difference" is a terrible way to secure banking.
If any site asks me for my bank login credentials, I run far away and start checking if I've made any security mistakes. So far Paypal is the only credentials I'll enter after a redirect.