← Back to context

Comment by eastbayjake

2 hours ago

When using a government website, you were intimidated by the security posture of... Plaid? (Genuine question, maybe this was some other provider but Plaid's aggregator tool is the most common place I see this pop up in real life for ACH)

3 comments

eastbayjake

Reply
clickety_clack  2 hours ago

I personally have _no idea_ what the security posture of plaid is. I know they're a startup and made a bit of noise a few years ago, but if I was trying to buy something and a third party app popped up saying, "hey give me total access to withdraw directly from your bank account for a sec", why on earth would I say yes to that?

It also seems to go against common security advice. "Never log into your back account if redirected by a website you sort of, but don't really trust, except sometimes its alright and it's up to you to tell the difference" is a terrible way to secure banking.

  • lxgr  38 minutes ago

    Nowadays Plaid uses OAuth for many banks, but the real problem is and always has been that they get full access to your transaction data and pass it on to their users.

axus  2 hours ago

If any site asks me for my bank login credentials, I run far away and start checking if I've made any security mistakes. So far Paypal is the only credentials I'll enter after a redirect.