
Is YNAB secure?
Hi! So I am starting a budget with my husband and I have my accounts linked but he doesn't want to link his because he doesn't think it's safe. Is our bank information 100% secure?
-
Just to clarify, when it comes to online security, there is no such thing as 100% secure.
That being said, from what I know YNAB doesn't directly store your back credentials. Some one from YNAB could probably give more info on how the bank linking works.
YNAB works fine without the automatic import, just means a bit more time reconciling accounts. Beside, it is better to put in transaction as you make them. The import tool just makes it a quicker to reconcile YNAB with your accounts.
-
Hi Slate Blue Pilot !
Security is at the top of our list with YNAB. We know it's important to you, and as YNAB users ourselves, we understand exactly why. The health and future of our business also depend on our ability to ensure the privacy and security of our customers’ data.
We use Direct Import partners to keep your banking information safe. This means we don't store your account information in YNAB. Also, YNAB has read-only access to your transactions, so access to your budget doesn't mean access to your banking information.
I'll leave a few highlights from our security policy below, but if you have any other questions please don't hesitate to ask! :)
- All connections are encrypted and data is encrypted at rest.
- We underwent a security audit and a database audit from one of the top consulting firms. This is done on an annual basis.
- Our password policy does not allow the top 2,085 passwords. By not allowing common passwords, we prevent customers from putting themselves at risk.
- To that end, we don’t store passwords. We do mathematical stuff to customer passwords so if the passwords do ever fall into the wrong hands, they still aren’t decipherable.
- We’re built on the same infrastructure as the CIA’s internal cloud service.
-
Hi. I've been a YNAB subscriber for several years and seem to recall that at the time I signed up, the application was encrypting my data at the endpoint (i.e. my computer) prior to transmission to YNAB servers. In fact, it was the whole reason I chose YNAB over other applications. I see that you are presently encrypting the link to your servers and data at rest on your servers. However it's not clear to me what is happening at the endpoint. Has this changed?