[evilDagmar]

It's amusing how the article says it's "potentially" in violations of US hacking laws.

That practice is _definitely_ a violation of the Computer Fraud and Abuse Act. No employer's IT is going to have it not be a violation for a user to share their password with someone else, which even in the weakest boilerplate immediately revokes their rights to the account. At that point _any_ use of those credentials is very much a violation of the CFAA.

[wmf]

Was Plaid violating CFAA?

[mitthrowaway2]

I hope so. Asking for your bank account's login is an absurd requirement and breaks all the lessons we work so hard to teach people.

[aitchnyu]

Twitter invented OAuth around 2010 since people were typing their credentials into third-party clients.

[rohan_]

IT's policy is more for unauthorized credential sharing to a third party that is not legally acting as a designated data transfer agent. what argyle is doing is legal and fine.