I've been noticing a trend among web apps for the past couple years. They want you to be very trusting.
As the new year rolls in, I thought I would take a look at some personal finance apps. Specifically, Mint and Wesabe. I saw a panel discussion at South By Southwest a couple years ago that included one of the founders of Wesabe. I was interested in the concept at the time, but thought I'd give them a little time to get their house in order. Finances are frustrating enough without dealing with "beta" software.
About the same time I heard about Wesabe's competitor, Mint. And Twitter was just beginning to explode.
In any case, I didn't make it past the second screen of the Mint or Wesabe signup process.
I love that there are new great things to be done on the web, but what I don't like is that all three of these apps ask me to trust them with an awful lot. Twitter asks me for my email password. You know, the same one that allows me to reset my password on just about every account I have. Wesabe and Mint take it a step further. They want my bank account password. I was blown away. They want access to the password that would allow people to withdraw cash or close my accounts.
If I walked up to you and asked you for your bank credentials and told you I just wanted to show you something cool, you'd probably want to punch me in the throat. But that is exactly what all of these sites are doing. They're saying "trust us - we know what we're doing."
And I want to trust. Heck, the guy from Wesabe seemed like a nice man. I practically met him at SXSW! But what about the guy he hires? What about the hundreds of hackers throughout the world who see a startup collecting bank info? I bet it's a lot easier to hack a startup than an actual bank... So why, again, should I trust?
I've been called paranoid for not allowing 3rd parties to have my email password. I suppose I am a little. After all, Google has it. I've even written a test app that asks for an email password myself (I never released it, however). But my bank account? The only ones who have that are the banks. And they're on the hook for my money.
So sorry, Mint & Wesabe. I want to use your products, but I just can't do it if you're going to ask me for the keys to my life savings.
How do we fix this? It kills me that I'd probably be just fine using all this stuff but I still can't bring myself to pull the trigger. The consequences of a breach, no matter how remote, are truly dire.
This strikes me as a huge business opportunity, but I haven't the foggiest idea how to solve the problem.
1 comment:
I work at Wesabe, and we take the issues you raise extremely seriously. So seriously, in fact, that we allow you to use Wesabe simply by downloading your statements yourself, and then uploading the files to us. There is a link to the manual upload process in the sidebar while you are adding an account.
If that still sounds like too much hassle, the Firefox uploader allows you to automate the process of visiting your bank, logging in, downloading your statement, and uploading it to Wesabe. The script is encrypted and saved only to your hard drive, and not shared with us. You can download it at: https://www.wesabe.com/uploads/new/firefox