tag:infinitekind.tenderapp.com,2009-01-14:/discussions/online-banking/22663-plaid-securityInfinite Kind: Discussion 2022-09-07T12:00:19Ztag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-06T18:21:39Z2022-06-06T18:21:39ZPlaid security?<div><p>Yesterday I setup Moneydance+ This morning I had 2 emails from my CU warning of logins on my account.<br>
Log says 1:03 AM & 6:58 AM using Firefox 59.0<br>
Definately was not me at those times and I don't use Firefox regularly. My version of Firefox is 100.0.2</p>
<p>This does not give me a good feeling about using Moneydance+</p></div>jestag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-06T18:26:08Z2022-06-06T18:26:08ZPlaid security?<div><p>Well Plaid has to login to your account. So perhaps it was that?</p></div>Stuart Beesley (Mr Toolbox)tag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-06T18:29:12Z2022-06-06T18:29:12ZPlaid security?<div><p>for reference Log entry, assumably during setup by Plaid:<br>
Yesterday 6:13 PM Firefox 59.0</p></div>jestag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-06T18:29:58Z2022-06-06T18:29:58ZPlaid security?<div><p>Stuart Beesley: at 1 AM?</p></div>jestag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-06T18:51:32Z2022-06-06T18:51:32ZPlaid security?<div><p>I think that Plaid logs into accounts and downloads and caches the data at certain times of the day. Anyway, I’ll bow out and let the experts comment.</p></div>Stuart Beesley (Mr Toolbox)tag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-08T01:49:15Z2022-06-08T01:49:15ZPlaid security?<div><p>I've decided to cancel Moneydance+<br>
I'm seeing way too much access to my CU account, since starting Moneydance+ The activity is not related to whether or not I have opened Moneydance.<br>
No way I would feel comfortable adding my investment account...</p></div>jestag:infinitekind.tenderapp.com,2009-01-14:Comment/545657022022-06-08T11:59:01Z2022-06-08T11:59:01ZPlaid security?<div><p>Hi Jes,</p>
<p>Sorry to hear you have decided against using Moneydance +.</p>
<p>I thought I would mention this anyway, for future reference:</p>
<p>Usually Plaid will redirect your browser to the bank's site which authenticates you directly. Neither Plaid nor Moneydance ever sees your password or even username for that matter. The bank redirects your browser back to Plaid with a token that is used to access your accounts at that bank for some period of time.<br>
As soon as the access token is acquired by the Moneydance+ server, it is encrypted using the public key from your linked data file. That means that only your data file can ever decrypt that access key, and even our server cannot access it.<br>
We made every effort possible to not require the Moneydance+ server at all and have all communication go between Moneydance and your bank or Moneydance and Plaid. Unfortunately, that is simply impossible. So we went with the route where the MD+ server is the smallest most basic piece that sees as little information as possible.<br>
In conclusion, when MD downloads transactions, it has to go through the MD+ server which authenticates your data file's public key and then basically pipes the connection through itself to Plaid which returns your transactions.<br>
(logging nothing)</p>
<p>This specific <a href="https://infinitekind.com/blog/moneydance-plus-privacy-subscriptions">blog page</a> might be of your interest as well.</p>
<p>I hope this information is helpful. Please let us know if you have further questions or need more assistance.</p>
<p>--<br>
Maddy, Infinite Kind Support</p></div>Maddy