After posting the blog “Mint.com asks the unthinkable – my bank account password”, I got a number of replies trying to justify why Mint’s asking for the username and the password of every bank account is not a big problem.
The justifications go along these lines:
- They have top-notch, bank-level, biggest-and-baddest security and protection
- They are so big, have so many resources, and have so much to lose, that they’ll fight to the death to prevent a successful hack
- They have a similar risk profile and implementations as other trusted solutions
- The risk of the data being stolen from Mint is so low as to be virtually zero
While all of the above may be true, there is still a non-zero chance that a data breach may occur and those usernames and passwords may end up in the wrong hands.
If, on the other hand, Mint did not ask for and did not store the passwords, there would be exactly zero chance that a breach of Mint’s security would compromise the passwords.
You simply cannot divulge a secret you don’t know.
So, when you create a system, design it so that it does not need to know or store secrets.
Only then would you be able to guarantee 100% security, instead of having to explain and caveat the system’s security strengths through statements (like this one) talking about “bank-level”, “guards”, and “mantraps”.