Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
This is where I’m not so sure. Current iterations as far as I can tell generally use “Oauth” which again is a bit of a black box but from what I can tell you’re logging into your bank and giving plaid an access token, which I think can be configured to be read only. Although more black box. In practice, plaid doesn’t have your password generally (although maybe for some banks as your link discusses.) what it can do with that token (is it read only?) is even read only bad enough? Etc. is up for debate.
I've never heard any reports of this. Are you saying you've seen some bank for which Plaid supports OAuth rather than merely doing screen-scraping? If so, what bank is that?
It really shouldn't be “up for debate”.
If your bank supports OAuth as a protocol, but doesn't tell you exactly what authorizations you're granting the relying party when you approve a request, that's a massive failure of your bank, and arguably a violation of at least the spirit of the OAuth spec:
More options
Context Copy link
The last time I was faced with a plaid page, they wanted me to enter my password in a plaid page, rather than my bank's page. Perhaps this has changed, but there's simply no way that I'd trust plaid not to retain my password in some regarded way.
More options
Context Copy link
More options
Context Copy link