authentication - Is Plaid, a service which collects user’s banking . . . Plaid has raised billions in funding! I would think with Plaid using bank logos to make their “fake” bank login forms look legitimate, banks would be after Plaid with lawsuits. But apparently some of them are investors! On Plaid’s website Citi, American Express, and others are listed as investors.
Is Plaid safe if I change the password after deposit? Coinbase doesn't know the password. Plaid technically yes, but they are safe. What's not safe (IMHO) is that there is a possibility that someone will hack into Plaid in the future. For the sake of this question I assume that Plaid itself is safe (even so, they will have my password only for 5 min). But thanks for the answer.
I linked an account with Plaid. If I change my username and password . . . “Can Plaid still access my account without even after I change my username and password?” Well, Plaid's access to your account is dependent on the token, not your username and password. If you change your username and password, the token becomes invalid, and Plaid should no longer have access to your account. There are scenarios where Plaid can still have access, but in general, no.
What information is shared by an audio bluetooth connection? See: car companies using your location data to sell your driving habits to insurance companies, or Plaid selling people's entire financial transaction history. (They may not even want the call history itself, but it contains my contacts, which many companies do desperately want.)
Can a certificate have multiple unrelated roots? Cross-signing is a way to have a leaf certificate that chains up to two different root certificates. But that may be overkill in your case. When renewing the certificate, you'll need to update the server with the new private key and new leaf certificate. If you're already doing that, then you may as well just update the entire certificate chain, and that should solve the problem (assuming you
Login, logout, session ID hashing and logging. This is a valid and secure approach. It's a particularly good idea to only store a hash of the session ID (unfortunately, not every application does that). The only aspect which seems slightly odd is that you have two session-related tables, session_store and user_session. Unless you have a good reason for this, you shouldn't do it, because it forces you to keep the tables synchronized. For