On 17/07/2020 10:12, 'Zahan M' via Beancount wrote: > I also did my best to eliminate the drudgery and ended up using Plaid > for my import scripts: https://github.com/zahanm/collect-beans > They're a company that offers a financial API as a business model. If > you sign up as a developer, you can probably make use of their > "development" API for personal use for good. > The issue is that in order to provide this API, they basically store > your credentials and talk to your bank directly.
A company that maintains an handy database of back account credentials, I bet no criminal is interested into probing their security :-) I haven't checked their term of services, but I am pretty sure they decline any responsibility if your credentials are stolen (also it would be very hard to prove that they have been indeed stolen from them if this happen and who does it is just enough smart). Unlikely a bank, that is responsible and looses money if they get hacked, I don't think they are. Thus, they security posture is probably the one of most companies out there dealing with customer data: "good enough", where "enough" is usually "enough to do not look completely stupid if they hack us". And when they get hacked they will have a good opportunity to sell you their premium "protection plan" and make some extra money on top (see Equifax case). Your personal credentials stored on your computers are generally ok (unless you don't store credentials to account that handle millions), because getting to them is a lot of work for a modest return. But put many credentials in the same place and it become a completely different game. Cheers, Dan -- You received this message because you are subscribed to the Google Groups "Beancount" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/beancount/5a29cc9f-47ea-4beb-a134-bab8abc1beb0%40grinta.net.
