by T3OU-736 1075 days ago
(Assuming this is what you meant by *but there you'd at least hope for encryption*, but expanding to verify): Even in this case, it seems unreasonable to store the password. Rather, the user's Plaid login should act as a part of multi-token access setup, where Plaid's backend services' tokens can also be used to decrypt the user's credentials in order to authenticate to those other services.

In short: even then, storing plaintext passwords seems... like choosing convenience for security, and that seems very wrong.