[y-c-o-m-b]

I was just thinking this exact thing. It's reckless to provide a third party your direct banking credentials. I feel unsafe entering those credentials into my browser as it is - but to share it with a third party product gives me the creeps. It's so stupidly easy to generate an access token that can be shared with third parties and restrict access to read-only. Why they didn't think of that is beyond me; the tech has been available for a very long time.

[Jtsummers]

Want to know something really annoying? I bank with multiple banks. One institution uses access tokens. I can link them to my primary bank (the primary has a better "whole picture" view). But does my primary bank offer access tokens of their own? No. They understand the concept, but don't use it themselves.

Of course, I know why. Different teams. There's no cohesive vision to their IT work, same as every other enterprise out there.

EDIT: Cleaned up language. Removed some info I didn't really want here but really botched the posted version when I did.