Is YNAB secure?
Hi! So I am starting a budget with my husband and I have my accounts linked but he doesn't want to link his because he doesn't think it's safe. Is our bank information 100% secure?
-
Just to clarify, when it comes to online security, there is no such thing as 100% secure.
That being said, from what I know YNAB doesn't directly store your back credentials. Some one from YNAB could probably give more info on how the bank linking works.
YNAB works fine without the automatic import, just means a bit more time reconciling accounts. Beside, it is better to put in transaction as you make them. The import tool just makes it a quicker to reconcile YNAB with your accounts.
-
Hi Slate Blue Pilot !
Security is at the top of our list with YNAB. We know it's important to you, and as YNAB users ourselves, we understand exactly why. The health and future of our business also depend on our ability to ensure the privacy and security of our customers’ data.
We use Direct Import partners to keep your banking information safe. This means we don't store your account information in YNAB. Also, YNAB has read-only access to your transactions, so access to your budget doesn't mean access to your banking information.
I'll leave a few highlights from our security policy below, but if you have any other questions please don't hesitate to ask! :)
- All connections are encrypted and data is encrypted at rest.
- We underwent a security audit and a database audit from one of the top consulting firms. This is done on an annual basis.
- Our password policy does not allow the top 2,085 passwords. By not allowing common passwords, we prevent customers from putting themselves at risk.
- To that end, we don’t store passwords. We do mathematical stuff to customer passwords so if the passwords do ever fall into the wrong hands, they still aren’t decipherable.
- We’re built on the same infrastructure as the CIA’s internal cloud service.
-
Faness that sounds good. One question, how confident are we that the third party banking import partner is keeping our information secure? Just because you're not keeping our information, it's still out there. What security measures do they take?
-
Bruce Great question! We partner with Finicity, MX, and Quovo as our providers of Direct Import financial data aggregation, so you can find specifics related to their security policies and practices on their websites. I just looked into it, and your connections are handled by Quovo, so give their security policy a read! 😊
-
-
Hi. I've been a YNAB subscriber for several years and seem to recall that at the time I signed up, the application was encrypting my data at the endpoint (i.e. my computer) prior to transmission to YNAB servers. In fact, it was the whole reason I chose YNAB over other applications. I see that you are presently encrypting the link to your servers and data at rest on your servers. However it's not clear to me what is happening at the endpoint. Has this changed?
-
Hey Orange Display ! Our entire infrastructure is built on Heroku, which in turn is built on the technology of Amazon Web Services (AWS). More details are included under "Infrastructure" in our Security Policy.
As to changes regarding the endpoint, I'll need to have a colleague look into the specifics, and have reached out via email, so we can get that answered for you!
-
-
Thanks, Nicole.
