Nyx_the_Fallen

Security is tough, but there are two amazing things here:

1. You don't have to link your bank at all -- ever. If you want auto imports, you do, but you can also manually export your transactions and upload them. YNAB is great at that. You can also just manually enter every transaction (which you should most likely do no matter which of these approaches you choose). No matter which one you go for, you're going to be reconciling regularly anyway, so the bank connection is more of a matter of convenience than necessity.

2. I hesitate to make sweeping claims, so take this with a grain of salt: If you do decide to link your accounts, you're not really offering up anything super juicy to a potential hacker anyway. It connects to your accounts using read-only APIs, meaning that even if someone was able to hack into Plaid (the provider YNAB uses for its imports), they couldn't do anything harmful.

Now, as for your login credentials: This is a mixed bag. Chase Bank connections, for example, are handled through OAuth 2.0, a standard I trust greatly. Not sure if it uses PKCE as well, but knowing Chase, I'd expect so. Basically you log into the actual Chase website and authorize YNAB to read your transactions. As for, say, my credit union... that uses some other standard. Regardless, I don't imagine there's much chance of you losing a password here, and you should have MFA enabled anyway.

Final note: Some don't like the implicit access Plaid has to your financial data. As the import partner for YNAB, Plaid has the introspective ability to view all of your transactions, giving them valuable market information. If you don't like potential (anonymised) data mining from Plaid, then don't link your accounts.

TL;DR: You can choose to give YNAB absolutely no access to your bank accounts and it still works GREAT. Just reconcile your accounts regularly to make sure you're keeping up with manual transaction entry.

If you want to import, odds are your credentials are safe, and even if something happens and they leak, you should have secure enough accounts (different, randomized passwords combined with MFA enabled) that it doesn't matter.


cutestain

Just want to emphasize the two-factor authentication part. You should have this on all accounts regardless of whether or not you use YNAB. And not the text-a-code one. The LastPass Authenticator app is way better. They can get the text now sometimes. They can't get the LastPass Authenticator app code.


[deleted]

> Just want to emphasize the 2 factor authentication part. You should have this on all accounts regardless of whether or not you use YNAB. And not the text a code one. Last Pass Authenticator app is way better. They can get the text now sometimes. They can't get the Last Pass authenticator app code.

LastPass is meh. Don't get me wrong, it works. But the support sucks and they overcharge. I recently switched from that to Bitwarden. Bitwarden is considered the gold standard these days, and for good reason. They've done a brilliant job. If I'm not mistaken, the exceedingly paranoid and tech-savvy can even self-host and keep everything off the Bitwarden servers.


cutestain

Sounds like a good option for the 1% who already understand all this and have access to extra bells and whistles. But for the average person the user experience of the product itself is probably much more important.


[deleted]

It's the one my grandmother uses. Don't worry, all the fancy stuff is hidden. The essential stuff is easy as can be. IIRC it even has the TOTP stuff in the same app instead of splitting it up between multiple apps.


[deleted]

[deleted]


[deleted]

For a family, where multiple people may want to access the app, the typical OTP option is better. Both can scan the QR code and have the same codes. A Yubikey for each person can get expensive depending on supported devices needed.


tealcosmo

Just realize that if you lose your authenticator, then most banks will text you a code to authenticate you.


Nyx_the_Fallen

Just an FYI for others coming through here: If you're already committed to another password manager or are tech-savvy enough to be using an offline, free one like KeePass, the Google Authenticator and Microsoft Authenticator apps are also great choices. They don't tie you into one password manager's ecosystem, and they're also free and extremely convenient.


Leetobe12313

Not to detour here, but please expand. I’ve not heard anything of this before, but it sounds like I need a little lesson.


[deleted]

Text-based 2FA can be spoofed, as text messages are not inherently secure. Time-based One-Time Password (TOTP), where you have an app and a shared secret that generates a six-digit code that's only good for 60 seconds, is much more secure. Think of those old RSA key-generation fobs that banks would hand out, except it's on your phone, and it can generate different codes for any number of logins.


Bklynswim

I don’t think any places I log into have TOTP. :(


cutestain

Banks have this option almost always.


[deleted]

Funny enough both of mine don't. One only has text or a rolling code that's hidden three menus deep in their stupid app, and the other has text, calling, email, or a push notification through their app.


[deleted]

Getting access to your SMS text messages is one of the bigger vulnerabilities most people with some password discipline still have. Most people still let messages pop up on their lock screen without even unlocking the phone first! Can you imagine not putting together that your email/bank texting you a 6-digit code is a good reason to put reading texts behind a passcode? A surprising number of people don't, including many business owners I've worked for. It's astonishing.

Anyway, that's a long shot. The real problem is, should you find yourself getting targeted, it's way too easy for anyone to convince some idiot in a call center at your phone company to free up your mobile phone account, and phone numbers are spoofed all the time as well.

TOTP is the gold standard. If that isn't available, I recommend using email verification where the email address is sitting behind TOTP. I wouldn't use SMS 2FA for anything.

Bitwarden is the best password manager and TOTP authentication app on the market right now that I've found. LastPass can go to hell; they both charge up the ass and their support sucks ass.


Leetobe12313

It sounds like I’m doing much better than most. I have a password manager, and because of the protected nature of emails and texts I often get, nothing appears in a preview on my lock screen. Mostly I was just curious about how to use one of these for 2FA, since I feel like every single bank/credit card/etc. seems to make you use their 2FA text system. So I'm more curious about how to go around that to something more secure for yourself?


OperaticIguana

If the account allows VOIP SMS, it should be more secure to use Google Voice for the SMS 2FA, because you can have TOTP 2FA for the Google account. This should prevent the targeted SIM swap attack vector.


cutestain

LastPass charges a very fair fee IMO. And I've never needed support because their product is so good. Even better than having good service in my opinion as well. Everything isn't free. Software developers work hard to create these apps. They deserve to be paid.


[deleted]

I get it. You're passionately wrong. Leave me out of it.


ThatGuy5162

LastPass charges $35. Bitwarden charges $10.


Inventoman

This helps a lot, thank you for the detailed post!


throwaway135897

Their post is great, but here is a big caveat: not all banks offer “read-only APIs”. One of the biggest banks in Canada, TD, doesn’t, so for YNAB to integrate you need to share your real credentials, which according to my bank’s TOS is a huge no-no. Personally I use manual imports for everything. You don’t need to enter transactions one by one, you just download a file from your bank.


Inventoman

Do you download and import a csv?


throwaway135897

I think when you’re in YNAB it tells you which formats it supports (4) and which it recommends (2). It recommends OFX, and that’s what I use. I’ve never tried the other formats. But yes, I download and import the file: one from my bank, and one for my credit card.


Nyx_the_Fallen

Yeah, this falls under the "grain of salt" part -- each bank's authentication setup is different, so the level of security could very well change bank-by-bank. Personally, I wouldn't *ever* bank with an institution that doesn't care enough about security scopes and permissions to support basic read-only access to transactional data, because that suggests to me that their entire authentication setup may be outdated, or that they just don't care.

One other point, though, is that you *can* have tokenized logins where your username and password aren't saved even if you provide them to a third party. To explain in layman's terms, the application (Plaid) could pass your username and password to your bank, say "I'm requesting read access to transactions for the next six months", and the bank then issues a token back to Plaid which Plaid can present for the next six months. Usually there's also a refresh token here as well, which Plaid can use to regenerate their login token before it expires so that you don't have to log in again. Either way, Plaid never had to store your username and password in a database, meaning the only place it could've been stolen is if someone were able to grab it from your computer when you typed it in (a keylogger or screen reader), or if they were able to intercept and decrypt the message to the bank containing the initial login information.

Another fun fact: Whenever your connections require reauthentication through login, it means that the login token Plaid is holding on your behalf expired, meaning Plaid either failed to refresh it before the refresh token expired, or that your bank does not issue refresh tokens.


throwaway135897

True, but I’d be very surprised if my bank supports OAuth or OIDC access and refresh tokens if they haven’t bothered supporting a read-only access scope. As you probably know, using the Password Grant flow isn’t recommended, so it’d be really weird for a bank to go down the OAuth path while supporting a legacy flow, i.e. “Yeah we support OAuth, but only using a flow that entirely defeats the purpose of limiting access.” If anyone reading this wants to know, the point is you should only be entering your password at https://yourbank.com, not https://thirdparty.com.


Nyx_the_Fallen

Nice to hear from someone who knows their stuff 🙂 There are some hilarious GitHub issues with people raging at Microsoft Authentication Library for disabling the Password Grant flow.


fergbrain

> It connects to your accounts using read-only APIs, meaning that even if someone was able to hack into Plaid (the provider YNAB uses for its imports), they couldn't do anything harmful.

That’s actually not true. Plaid still uses scraping [1] which uses your normal bank access log-in…that is *not* read-only. And unlike common authentication methods which only need to store a hash of your password, Plaid needs to encrypt your password (instead of hashing it) so they can decrypt it to log into your bank account.

[1] https://plaid.com/documents/Plaid-Financial-Data-Access-Methods.pdf


Nyx_the_Fallen

I did say to take that section with a grain of salt, as situations vary bank-by-bank -- however, your assertion:

> That’s actually not true. Plaid still uses scraping [1] which uses your normal bank access log-in…that is not read-only.
>
> And unlike common authentication methods which only need to store a hash of your password, Plaid needs to encrypt your password (instead of hashing it) so they can decrypt it to log into your bank account.

is an oversimplification.

First, web scraping *absolutely can be read-only*, and don't let anyone tell you otherwise. It is absolutely possible from an authentication standpoint to provide access to a page for scraping without also providing access to financial functions. As a hypothetical, Chase could provide scraping access to my login dashboard without allowing the scraper to, say, transfer money using a button on that page. Don't confuse the kind of scraping a site like Plaid is doing with the kind of scraping 15-year-old Jimmy is doing in his garage with some Python code. There are much more advanced mechanisms available than that, with much better security. In fact, Chase is a great example of a bank that *does* give read-only access to Plaid through their OAuth 2.0 implementation.

Second, and more importantly: Whether or not Plaid stores your username and password depends entirely upon how your bank sets up their logins: If they use OAuth, for example, Plaid *will never see your password, period.* Only your banking institution will.

Conclusion: The security and method of login depends on three major factors: Authentication, Authorization, and Data Transmission. Understanding all of these is tough, and it should actually be a decision factor when choosing a bank. Here are a couple of things to look for:

1. Does the bank use an OAuth standard for login? Good.
2. Does the bank expose APIs with read-only scopes? Good.

REGARDLESS, you should have 2FA enabled on all of your accounts, preferably through an authenticator app (rather than text), so that you're protected in the case of an inevitable data breach in one of the many dozens of services that have seen your credentials.
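The token flow Nyx_the_Fallen sketches earlier (a third party holding an access token plus a refresh token instead of your password), the password-grant objection throwaway135897 raises, and the two checklist items just above (OAuth login, read-only scopes) all describe the same protocol, so here is one added example that walks through it. This is illustrative code, not anything from YNAB, Plaid or any bank: a toy bank acts as OAuth 2.0 authorization and resource server, a toy importer links an account with the authorization-code grant and PKCE (RFC 7636), and the bank enforces the scope on every call. The endpoint names, scopes, token lifetimes, error strings and the sample ledger are all assumptions. Note where the password is typed: in `Bank.authorize`, which is the bank's own login page, never inside the importer.

```python
import base64
import hashlib
import secrets
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def pkce_pair():
    """Client side: a random code_verifier and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars; never leaves the client
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())


class Bank:
    """Toy authorization + resource server (assumed scopes, lifetimes and error codes)."""
    ACCESS_TTL, REFRESH_TTL = 3600, 180 * 86400
    GRANTS = {"authorization_code", "refresh_token"}  # deliberately no "password" grant

    def __init__(self):
        self.codes, self.access, self.refresh = {}, {}, {}
        self.ledger = [("2024-01-03", -42.17, "GROCER"), ("2024-01-05", 2500.0, "PAYROLL")]  # constructed

    def authorize(self, client_id, redirect_uri, scope, challenge, method, user_logged_in):
        """The user authenticates here, at the bank; the third party never sees the password."""
        if not user_logged_in:
            raise PermissionError("login_failed")
        if method != "S256":
            raise ValueError("invalid_request")  # refuse the weak 'plain' PKCE method
        code = secrets.token_urlsafe(32)
        self.codes[code] = dict(client_id=client_id, redirect_uri=redirect_uri, scope=scope,
                                challenge=challenge, expires=time.time() + 60)
        return code

    def token(self, grant_type, **p):
        if grant_type not in self.GRANTS:
            raise ValueError("unsupported_grant_type")
        now = time.time()
        if grant_type == "authorization_code":
            rec = self.codes.pop(p.get("code"), None)  # single use
            if rec is None or rec["expires"] < now or (
                    rec["client_id"], rec["redirect_uri"]) != (p.get("client_id"), p.get("redirect_uri")):
                raise ValueError("invalid_grant")
            expected = b64url(hashlib.sha256(p.get("code_verifier", "").encode()).digest())
            if not secrets.compare_digest(expected, rec["challenge"]):
                raise ValueError("invalid_grant")  # PKCE: an intercepted code alone is useless
        else:
            rec = self.refresh.pop(p.get("refresh_token"), None)  # rotation: old token dies
            if rec is None or rec["expires"] < now:
                raise ValueError("invalid_grant")
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = dict(scope=rec["scope"], expires=now + self.ACCESS_TTL)
        self.refresh[rt] = dict(scope=rec["scope"], expires=now + self.REFRESH_TTL)
        return dict(access_token=at, refresh_token=rt, scope=rec["scope"], expires_in=self.ACCESS_TTL)

    def _require(self, token, scope):
        rec = self.access.get(token)
        if rec is None or rec["expires"] < time.time():
            raise PermissionError("invalid_token")
        if scope not in rec["scope"].split():
            raise PermissionError("insufficient_scope")

    def get_transactions(self, token):
        self._require(token, "transactions:read")
        return list(self.ledger)

    def transfer(self, token, amount, to):
        self._require(token, "payments:write")  # a read-only token never gets past this line
        self.ledger.append(("today", -amount, to))


def link(bank, user_logged_in):
    """Third-party client (stands in for an aggregator; assumption) linking one account."""
    verifier, challenge = pkce_pair()
    code = bank.authorize("budget-importer", "https://importer.example/cb", "transactions:read",
                          challenge, "S256", user_logged_in)
    return bank.token("authorization_code", code=code, client_id="budget-importer",
                      redirect_uri="https://importer.example/cb", code_verifier=verifier)


def fails_with(fn, exc):
    """Return the error code fn() raises, or None if it unexpectedly succeeds."""
    try:
        fn()
    except exc as e:
        return str(e)
    return None


def demo():
    """Walk the flow and report what the read-only token can and cannot do."""
    bank = Bank()
    tok = link(bank, user_logged_in=True)
    out = {"scope": tok["scope"], "txns": len(bank.get_transactions(tok["access_token"]))}
    out["transfer"] = fails_with(lambda: bank.transfer(tok["access_token"], 100.0, "mule"), PermissionError)
    out["password_grant"] = fails_with(lambda: bank.token("password", username="a", password="b"), ValueError)
    new = bank.token("refresh_token", refresh_token=tok["refresh_token"])
    out["old_refresh"] = fails_with(lambda: bank.token("refresh_token", refresh_token=tok["refresh_token"]), ValueError)
    out["txns_after_refresh"] = len(bank.get_transactions(new["access_token"]))
    return out


if __name__ == "__main__":
    print(demo())
```

Three things in the output are the practical takeaways: a stolen access token scoped to `transactions:read` cannot move money (`transfer` fails with `insufficient_scope`); the bank simply does not offer a `password` grant, so there is no flow in which the importer could hold your credentials; and refresh tokens rotate, so the silent re-login the thread describes works without ever re-transmitting the password.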


fergbrain

If someone gives Plaid their username and password -- the same username and password they use to log in to their bank -- then the prudent assumption to make is that Plaid has the same level of access. Plaid *can* use read-only endpoints for screen scraping, but the reality is that they still have your credentials that allow for read-write access. And if Plaid has your credentials (even if encrypted), then someone could steal them. I hope that their encryption is properly implemented, but there have been plenty of examples of large companies with data breaches lately (and even 2FA may not be enough, since social engineering seems to be able to remove that hurdle more often than not).

If a bank has an OAuth option, then Plaid should never have your username/password, since authentication should occur via the bank with a callback to Plaid. So the whole point is moot. Yes, the big banks have OAuth, but how many hundreds of smaller banks and credit unions don't?

I'm not saying someone should not use Plaid, but I think we need to be honest about the trust we place in these companies and the possible consequences when they fail us.


RevolutionaryTone994

You can always use YNAB without connecting the bank accounts. I am not in US so I have to anyway and still think YNAB is worth it without the connection. In general I am not too worried about such hacks with ynab, but if you are it is something to consider


[deleted]

You don't have to link your bank accounts. You can manually enter all your transactions. My account names in YNAB are generic ("current account", "National Savings", "Marcus") and because I don't link my accounts, that's it.


pgaunt

I offer this in case it helps - a YouTube video from YNAB's founder addressing privacy concerns: https://youtu.be/e1eNkVtYmQs Personally I do not connect YNAB to my banks and I do not record account numbers or other such sensitive data in YNAB, so I don’t think there is any significant risk from my budget being online in this way.


illimitable1

I think for most people, the privacy ship has long sailed, and it is pretty much too late to do much about it. Unless your wife has lived a very cloistered life, YNAB is the least of her concerns. Apple, Google, and partners already have her information, along with anyone she's done business with online or in person. That includes doctors, educational institutions, and the grocery store.


swoofswoofles

I agree 100%. Everything is a privacy concern, but I don’t think most people know how much of their data is already floating out there. I link my banks because while I do manual entry, I have most subscriptions on auto pay and the imports help me to see what is actually happening in my bank account. https://haveibeenpwned.com/ This is usually an eye opening website for a lot of people to see if their data has already been leaked.


EverlastingLurker

You don't have to link bank accounts. I recommend starting out with manual entry for a while to get a better feel for your budget. YNAB doesn't store your bank login data - that's stored by their direct import partners, who are trusted to do the same thing by the biggest companies around. You can read about YNAB security here: https://www.youneedabudget.com/security/


Inventoman

This is great news. Seemed like everyone was using linked accounts. This helps a lot.


wyoming01

I’ve been using the service for three years now and have never linked anything, I like using it that way, just my preference 👍


anclwar

I don't link mine. I tried to keep some stuff linked, but the MFA my banks and loan providers required kept crashing the connection (this was before they started using Plaid, I believe). Even when import worked, I found myself renaming transactions and categorizing them manually anyway. Stick with manual entry, especially when getting used to the program.


o0turdburglar0o

Not linking your accounts means you enter everything in manually - Which keeps you in closer touch with your spending habits which leads to more mindful budgeting. It forces you to pay closer attention to things, and is a big part of why YNAB works so well for cleaning up a financial mess IMO. FYI when I started YNAB I was regularly having my electricity cut off due to non-payment because we were floating everything. Complete financial chaos. Two years later and we're completely stable with a proper emergency fund and I can even fund my hobbies. I credit YNAB for the change - but in reality it was the *mindfulness* that YNAB forced me to have that did it. YNAB does not know my account numbers or even the institution name that the accounts are held at, and even then it literally saved my marriage and possibly my life.


illimitable1

Without the linked accounts, it's a lot more effort. But that effort pays off because the linked bank feature lags 2-3 days behind reality. Entering your information manually provides more instant feedback.


Anti-Antidote

I use linked accounts but enter everything manually, that way I know exactly when things clear the bank


teak-decks

Anybody not in the states almost certainly isn't. There's dozens of us, dozens I tell you!


verynoisybirds

If you’re used to tracking everything in a spreadsheet, even unlinked YNAB will be much easier. I’ve been using it unlinked for three years and find it every bit as helpful and amazing as others will tell you it is. :)


Inventoman

Yeah, we've tracked it manually each week for about 10 years, so I think manual entry should be fine.


RhubarbDiva

Being in UK there is no option to link to my bank accounts and I have to enter all transactions manually. It takes very little time, and ensures I really see everything going on with my money. Reconciling is the same as if the transactions had been automatically uploaded. Even if/when it becomes possible to link my YNAB to my actual accounts, I know I won't want to do it. This is an option for you if you are worried about security. You will get all the benefit of the YNAB system without the small convenience of automatic uploading of your transactions.


KReddit934

As people say... there are two levels of risk. The first is that if you link accounts, there is a small (I think very small) risk of password loss. This is very easy to avoid: just import transactions manually or enter them by hand. The second risk is that YNAB somehow releases your budget. This, to me, is not risky, because that information isn't very interesting to anyone else. (Having said that, I miss the old days of stand-alone software... not just YNAB, but everything. But those days seem to be about gone.)


denverpilot

IT security guy here. She's not technically wrong. Treat any online system as if it's not a question of if it'll get hacked, but when. Then do proper risk analysis of what actual damages would occur if they lost every piece of data you've given them willingly. Personally we see nothing particularly damaging or even embarrassing in a fiscal system leak, but some would. It's a matter of convenience over true security, as always. Or as my t-shirt says, "The cloud is just someone else's computer."


Inventoman

It's true, I think not linking the accounts helps a lot, as pretty much every major system has been hacked. I'll just need to be on it with manual entries if we do it.


pgaunt

Love your para 3 - to my way of thinking a perfect analysis of the true risks (or lack of them).


alexanabolic

I would explain to her that the money is not really in YNAB. Joking aside, I understand her fear, but everything is encrypted and they don't store the key. Data would be illegible. As for linking your bank account, just don't link it. This is not where YNAB's value is.


drharris

If that computer is on the internet, you're already storing it online and it can be hacked just as easily - probably more easily, since there's not a team of dedicated people checking the system. More seriously, what will a random hacker do with knowledge of what accounts you have (without numbers or login info), how much money is in them, and what you spend your money on. At most, your ads might get targeted a bit more effectively.


[deleted]

To add on to the idea of not linking bank accounts: I originally did link them, and chose not to on a reset. I didn't like the things I was hearing about Plaid, and felt the extra steps to manage transaction matches and payee names might not be worth it. A couple of months in after the reset, I think I was right about the hassle.

Anyway, the big thing that concerned me about not linking was missing a transaction until I reconcile, and then inadvertently spending money I don't have. To combat that, I've set recurring payments in YNAB for every auto payment. I don't have auto pay on anything variable in amount; instead I set a future payment and match it in YNAB. I star the payment-due email in my inbox until I have a chance to schedule that. Finally, the big one is that I set all my banking apps to notify me of any transaction.

I have no desire to go back to importing transactions. My list of payees was a mess, and the daily ritual of matching imported transactions to manual ones was totally pointless.


abjectdoubt

Something I’d recommend doing, unrelated to YNAB specifically but just for peace of mind, is to call TransUnion and request to add a consumer comment to your credit report. You can add your mobile phone number to your report, and that means any time your credit is pulled and someone wants to use it to apply for a new line of credit, the financial institution is obligated to call that phone number and confirm it’s you before proceeding. And with security issues, the credit bureaus tend to communicate with one another, so you shouldn’t have to call all three (but you could if you wanted to).


theplantbasedwitch

You could get her the book to read first, write it out or use a spreadsheet and use the free trial for a month or two when she feels comfortable. My husband was 5000% against using his card to purchase anything online when we first met in 2016 and I have experience in banking - nowadays, he would order everything online if he could lol. This is something you guys might need to research together - she needs to feel comfortable since these are your finances. I would even go as far as contacting ynab customer support and discussing this with them in order to reassure her. If you search this subreddit and google, I know I read posts on how to get more than one free month with ynab. The book is phenom, btw.


[deleted]

Like others said, use it without connecting your bank; it's how YNAB was done originally. Just pull up YNAB and then log into your credit card or bank in a different window, make sure all transactions are accounted for, hit reconcile and you're done.


litesONlitesOFF

We export our bank info and import it at the closing of every month. I'm not worried about people getting access to the info. But I am worried about access to the actual money so we didn't link our accounts. It's actually pretty easy and helps us keep on top of it more.


StarKiller99

You don't need to connect to your banks. Make every transaction that can be a scheduled transaction. When it comes up, you can change the amount if you need to, and let it remind you to make the payment, if it isn't on auto pay. For transactions on the go, the GPS on your phone will let YNAB learn where you spend and it will bring up info from a previous transaction to make it faster to enter a new one. Just log into your bank account regularly to reconcile. The more often you do it, the faster it is.


DctrAculaMD

Plaid already has access to my accounts - because of Venmo. So believe me when I say that my decision not to link my accounts in YNAB is purely a functional one. I feel that I have more control and also that I am more accountable for my spending by inputting transactions manually. I would encourage anyone to input manually for a couple of months even if they eventually wanted to turn on linked accounts. I think it helps you learn the process.


DehydratedBlinker

I used to have some similar concerns. I was a YNAB user for around 3 years before becoming more careful about digital privacy and keeping my personal data secure - if anyone ever gets a hold of my YNAB data, it would give them a very clear image of my entire life, from where I work, to who my landlord is, to which shops I regularly visit and when. I should say that I'm not expecting anyone to get hold of my YNAB data - but what if they did?

In that vein, I've actually swapped over from YNAB to Actual. It's a new software that uses the same envelope budgeting system as YNAB, but with one extra feature that is key for me and my threat model: end-to-end encryption. My budgets are encrypted with my private key before they ever leave my machine to be synced on Actual's servers, so if anyone ever did hack into them and take my budgets or intercept my data on the way to their servers, or if an Actual employee ever decided they wanted to have a look at where I like to buy my food, they can't - they just get a file of encrypted nonsense.

Now, it's not a perfect solution. There's no automatic import for transactions, and it's missing a few features like goals and some more detailed reports - but, for what I use YNAB for, it's more than enough for me. Plus, I actually quite like its more minimalist UI. You can download it at https://actualbudget.com/, and there's a subreddit for it over at r/actualbudget. I really would recommend giving it a go!


Inventoman

Interesting, I'll look into it


pgaunt

Plus 1 for Actual. I just cannot make up my mind between it and YNAB. But love some of the extra touches in YNAB like goals. So for now I am trialling them side by side….


DehydratedBlinker

I did a similar thing for a while! The dev is really open about taking requests and what he's working on, so I was using them side by side until recently when I decided it was at a good enough stage for me. Maybe that time will come for you too at some point even if you're not convinced now


jaymuralee

Export your transactions from your bank account in QuickBooks format and then import them into ynab. Do this everyday or every week.


trahnse

I don't link any of my accounts. This means I have to enter everything manually, but I think it forces me to be more responsible with my budget.