Passwords, Authentication, and Privilege

Gizmodo has decreed that today, February 1st, is “Change Your Password” day. I wholeheartedly agree, especially if you re-used passwords (which you shouldn’t!). In fact, I’d go further: change your password, and start using a password manager. Did I change my passwords today? I did not, because I used said password manager. I don’t reuse passwords, and my passwords are all random. So even if one is revealed, it’s not going to make a difference outside of that one website.

But I’ve been thinking beyond passwords lately to the broader subject of authentication, which I think is where the real issues are. Take online finance. I use Quicken, which I hate. However, I have more than 15 years of data in Quicken that won’t easily move elsewhere, so I have few choices as to where I can go. One popular alternative finance site is Mint.com, which has a pretty strong following online. It allows you to pull in data from all of your banks so you can have a centralized view of your finances, much like Quicken. Unlike Quicken, it’s web-based, and it can send you alerts based on balances, fraudulent activity, and so forth.

To get this information, Mint obviously needs to be able to access your banking information. They do this by storing your bank login credentials, although they say that they only have read-only access to your banking data, so even if your Mint account was compromised, criminals couldn’t move your money anywhere. Of greater concern is that they (or, more accurately, a third party) have that data. Mint claims that it is super-secure, encrypted, all that jazz, and I have no reason to doubt them. All the same, though, it makes me uncomfortable, which is one of the reasons I won’t use it and instead rely on credentials stored securely just on my computer instead of in the cloud.

The problem is with authentication, and frankly, it’s with the banks themselves. Mint shouldn’t need to have access to my all-powerful banking logins. I should be able to create additional logins with my banks with differing privilege levels that are completely unrelated to my “superuser” account. That way, I could expressly create a read-only login and use that with Mint, Quicken, and wherever else necessary. I shouldn’t have to rely on the proper storage of my credentials at Mint or anywhere else to protect me; I should be able to limit rights directly. Sadly, as far as I know, few if any banks allow this, even though technologies are available to allow this.
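To make the idea concrete, here is an added sketch (not code from any bank, Mint, or Quicken) of a bank that issues separate delegate credentials with their own privilege sets, independent of the owner's "superuser" login. The `Bank` class, the scope names, and the token format are all hypothetical.

```python
import hashlib
import hmac
import secrets
# Toy model (hypothetical, not a real bank API): each credential has its own scopes.
class Bank:
    def __init__(self, balance):
        self.balance = balance
        self._creds = {}  # id -> (sha256(secret), scopes); raw secrets are never stored

    def _issue(self, scopes):
        cred_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        self._creds[cred_id] = (hashlib.sha256(secret.encode()).digest(), frozenset(scopes))
        return f"{cred_id}.{secret}"

    def enroll_owner(self):
        return self._issue({"read", "transfer", "manage_credentials"})

    def _require(self, token, scope):
        cred_id, _, secret = token.partition(".")
        digest, scopes = self._creds.get(cred_id, (b"", frozenset()))
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(presented, digest) or scope not in scopes:
            raise PermissionError(f"credential lacks '{scope}'")

    def issue_delegate(self, owner_token, scopes):
        self._require(owner_token, "manage_credentials")
        if not set(scopes) <= {"read", "transfer"}:  # delegates can never mint or revoke
            raise ValueError("unsupported delegate scope")
        return self._issue(scopes)

    def revoke(self, owner_token, delegate_token):
        self._require(owner_token, "manage_credentials")
        self._creds.pop(delegate_token.partition(".")[0], None)

    def read_balance(self, token):
        self._require(token, "read")
        return self.balance

    def transfer(self, token, amount):
        self._require(token, "transfer")
        self.balance -= amount
        return self.balance

def is_denied(action, *args):
    try:
        action(*args)
    except PermissionError:
        return True
    return False
```

A read-only delegate handed to an aggregator can fetch balances but cannot move money or create further credentials, and the owner can revoke it without changing the primary login.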

So yes, change your passwords. Stop reusing them. But unique, strong passwords are not enough. We need more granular control over the access we have online, so we can put up stronger firewalls around our data while still allowing it to be used.