Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, isn't Plaid basically teaching users to fall for phishing attacks? As with any account, the only sane advice is to only enter your password for account X into the website or app for X. Which is the exact opposite of the expectation Plaid creates.

Also, it's one thing for me to let a third party withdraw money from my checking account (if I provide my account number), but that doesn't mean I want to give them the ability to do things like change my password, disable 2FA, read my transaction history, transfer money out of my other accounts, cancel my cards, and so on — which they can if they have my password. That's just insane.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact