[alasdair_]

The financial institutions never gave mint access. What happened is that mint takes a users username and password then logs in as that user and downloads (or scrapes) the transactions.

Nowadays it’s a bit more integrated with the banks, with oauth support etc. but initially they were basically just scraping.

And yes, this is a massive security hole and likely against the banks TOS (deliberately giving your credentials to a third party).

[pfranz]

A bunch of people in this thread complain how integration has gotten way worse over the years. I'm pretty confident this is banks "fighting back" with 2-fa and other additional security measures--many seem to have the goal of locking out these kinds of services. A very few seem to be embracing it (they have a token system that have revokable read-only access).

Personally, I'm looking to move banks/credit cards towards services with better integration at the expense of other things like better returns.