Latest responses to “Password and Security Concerns Regarding Usage of Yodlee” Copyright 2013, MoneyBlueBook.com 445040 2010-07-05T23:47:12-07:00 Lungfixer I felt the EXACT same way as Kysh when I read the "Terms and Conditions" disclaimer waiving ALL responsibility for ANY loss associated with the use of Yodlee. I'm not a security specialist, but I'm certainly no "technophobe". I do my banking, pay ALL my bills and make at least 80% of my purchases online...but I'm just not comfortable allowing one site to have sensitive information which would allow access to all my financial accounts...especially if they cannot be held accountable if something goes awry. Just my 2-cents. 445030 2010-07-02T17:17:11-07:00 Kysh Convenience is the most easily exploited security hole, and the attitude towards security in this article is ...painful to anyone who is significantly security conscious; denouncing 'us' as technophobes is foolhardy, considering that many of us who find the security of such an arrangement questionable are security specialists who make our living by architecting and securing infrastructures like Yodlee. I was recently asked to use Yodlee by a third-party site to verify my account information. Part of the 'terms and conditions' I was expected to click through was the following: ... [The third-party] AND YODLEE MAKE NO WARRANTY THAT (i) THE SERVICE WILL MEET YOUR REQUIREMENTS, (ii) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE ... ... And a boilerplate 'we accept absolutely no responsibility and may not be held liable for anything, any type of damages, for any reason, including but not limited to': ... (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; ... A trend I've noticed is that a step above technophobes are technophiles, and those people often tend to be in other industries, or ancillary parts of the technology industry like staff writing. They feel that technology can do no wrong, and that it's only bad people to be held responsible for security breaches, when in fact, it's bad practice, not bad people, that expose data. Giving your account data to a third party, however convenient, is potentially dangerous. It bypasses many protections built into the system. To be frank, much, if not most, of the security that exists in this day and age is bad security, and to trust someone because they say "We're secure! (but, uh, we don't guarantee that, and don't even think of holding us liable!)" is simply naive. I realize this posting is old, but I came across it while searching for references to yodlee, and I'm commenting here in the event that someone else does the same. -Kysh