Hacker News new | past | comments | ask | show | jobs | submit login

I'm already uneasy with the way Plaid works, I'm not also going to disable 2FA on my account to accommodate the broken way they access accounts (pretending to be a browser instead of using APIs). There are good, secure ways to grant access to resources, and giving your password to Plaid for them to log in to your account with reduced security is definitely not one of them and certainly not an attractive proposition.





Worst of all, it's a full access, not a scope-restricted one. Imagine somebody hacking Plaid and you disabling 2FA, because otherwise you can't use some of the fancy new services you saw on Product Hunt.

Worst of all, is their privacy policy.

> We retain information we collect about you for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required OR PERMITTED under applicable law.

It is not necessary to "hack" Plaid.


Yeah, it's the users who got hacked when they signed up.

It's all in the way Plaid connects to the banks - they do not systematically support MFA in their bank connectors; hence the issues you are seeing.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: