by dmitrygr 1592 days ago
We NEED to stop training users to give away passwords for account X to services that are not X. We NEED to! This is what enables phishing to work! It normalizes this! Please do not do this! Next time some old lady loses her life savings due to phishing, you'll know that in some small part plaid and this helped. They trained her that it is ok to provide her password to someone.

This is my reaction every time I see a service like this. In addition to training users that it is somehow okay to just give up your credentials to a 3rd party, you are now indefinitely allowing the storage of passwords in a fully reversible format on a platform you have no control over.

Despite all the best efforts by any company engaging in this practice to protect your passwords, these entities are setting themselves up to have a huge target on their back. The technology they employ relies on being able to decrypt passwords programmatically which means it becomes visible on the server’s RAM and could potentially be triggered to decrypt the password as part of an attack. Given that a majority of people use the same passwords for multiple services, it is likely an attacker would be able to determine credentials for someone’s bank or email account via a credential stuffing attack.

Plaid with a bank that does not support OAuth scares the hell out of me, and I have backed out of using services because this was the only way to enter bank details. I am still shocked that this is largely considered an okay practice.

If utilities gave them any other way, I'm sure they'd be using it.
The three major California utilities have an OAuth 2.0 option (PG&E's is called Share My Data). I wonder if Pelm has considered supporting that.
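The alternative named in the comment above (an OAuth 2.0 option such as PG&E's Share My Data) and the risk described earlier in the thread (an aggregator that must keep the user's password in reversible form so it can log in on her behalf) can be contrasted in code. What follows is an added example written for this page, not code from Pelm, Plaid or any utility: a toy authorization server, resource-side scope check and client walking the OAuth 2.0 authorization-code grant with PKCE (RFC 6749 and RFC 7636) in Python. Every name in it is constructed for the example: the client id `energy-app`, the user `alice`, the kWh readings and the scopes `usage:read` and `billing:pay`. Share My Data's real endpoints and scopes are not reproduced.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000


def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): BASE64URL(SHA256(verifier)) without padding."""
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthorizationServer:
    """The utility's own login and consent endpoint (hypothetical). It is the only party
    that ever sees the password, and it stores only a salted PBKDF2 hash of it."""

    def __init__(self):
        self.users = {}    # username -> (salt, pbkdf2 digest)
        self.clients = {}  # client_id -> registered redirect_uri
        self.codes = {}    # single-use authorization code -> grant details
        self.tokens = {}   # access token -> {"sub": ..., "client_id": ..., "scope": [...]}

    def register_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, password_hash(password, salt))

    def register_client(self, client_id, redirect_uri):
        self.clients[client_id] = redirect_uri

    def authorize(self, username, password, client_id, redirect_uri, scope, code_challenge):
        """Front channel: the user logs in HERE (never at the client) and consents to `scope`;
        the code issued is single-use and bound to client, redirect URI and PKCE challenge."""
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        salt, digest = self.users.get(username, (b"", b""))   # unknown user: compare fails
        if not hmac.compare_digest(digest, password_hash(password, salt)):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"sub": username, "client_id": client_id, "scope": scope.split(),
                            "redirect_uri": redirect_uri, "challenge": code_challenge}
        return code

    def token(self, code, client_id, redirect_uri, code_verifier):
        """Back channel: the code is consumed on first use, and the caller must present the
        verifier behind the challenge, so an intercepted code alone buys nothing."""
        grant = self.codes.pop(code, None)
        if grant is None or (grant["client_id"], grant["redirect_uri"]) != (client_id, redirect_uri):
            raise PermissionError("invalid grant")
        if not hmac.compare_digest(pkce_challenge(code_verifier), grant["challenge"]):
            raise PermissionError("PKCE verification failed")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"sub": grant["sub"], "client_id": client_id, "scope": grant["scope"]}
        return tok

    def revoke(self, tok):
        """Cut off one client; the user's password is untouched."""
        self.tokens.pop(tok, None)

    def subject_for(self, tok, scope):
        """Resource-server check: the token must be live AND carry the required scope."""
        info = self.tokens.get(tok)
        if info is None:
            raise PermissionError("token unknown or revoked")
        if scope not in info["scope"]:
            raise PermissionError("token lacks scope " + scope)
        return info["sub"]


USAGE_KWH = {"alice": [12.4, 11.9, 13.1]}   # constructed sample readings held by the utility


def run_demo():
    """Run the flow once for a constructed account and report what each party ends up with."""
    utility = AuthorizationServer()
    utility.register_user("alice", "correct horse battery staple")   # constructed sample account
    client_id, redirect_uri = "energy-app", "https://app.example/cb"   # hypothetical aggregator
    utility.register_client(client_id, redirect_uri)
    # Aggregator side: make a PKCE verifier and send the user to the utility with its challenge.
    verifier = secrets.token_urlsafe(48)
    code = utility.authorize("alice", "correct horse battery staple", client_id, redirect_uri,
                             "usage:read", pkce_challenge(verifier))   # user grants read-only
    stolen = utility.authorize("alice", "correct horse battery staple", client_id, redirect_uri,
                               "usage:read", pkce_challenge(verifier))  # a second code, "leaked"
    aggregator_store = {"token": utility.token(code, client_id, redirect_uri, verifier)}
    out = {"aggregator_store_keys": sorted(aggregator_store),
           "usage": USAGE_KWH[utility.subject_for(aggregator_store["token"], "usage:read")]}

    def denied(action):
        try:
            action()
            return False
        except PermissionError:
            return True

    out["stolen_code_denied"] = denied(lambda: utility.token(stolen, client_id, redirect_uri, "guess"))
    out["code_replay_denied"] = denied(lambda: utility.token(code, client_id, redirect_uri, verifier))
    out["pay_denied"] = denied(lambda: utility.subject_for(aggregator_store["token"], "billing:pay"))
    utility.revoke(aggregator_store["token"])
    out["after_revoke_denied"] = denied(lambda: utility.subject_for(aggregator_store["token"], "usage:read"))
    return out


if __name__ == "__main__":
    print(run_demo())
```

Run it and look at what the aggregator's store contains: a token and nothing else. That token is scoped (the client cannot pay bills with it), bound to one registered redirect URI, obtainable only by whoever holds the PKCE verifier, and revocable without a password change. In the credential-sharing model none of those properties exist: the aggregator holds the password itself, which is good for everything the user can do, at every site where she reused it, until she changes it.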
That is a poor excuse for a clearly bad security practice. That is akin to a mugger saying “if the world gave me another way to make money, I wouldn’t be mugging people”. Some things just shouldn’t be done! This is a hill I’m willing to die (by a thousand downvotes) on!