It had been a while since I’d logged in to Mint.com from my iPhone and I had forgotten just how easy it is. The online PFM pioneer has boiled the process down to the bare minimum (assuming you’ve enabled "passcodes," see note 1).
Logging in takes just four numerical "keystrokes." You don’t even have to press a login or done button (inset). As soon as you press the last digit, you are automatically logged in.
As an added bonus, PIN authentication is handled on the phone instead of the server, so you get an immediate error message if you type in the wrong one.It’s a great user experience, though I wish Mint still supported the stay-logged-in option, which is fine when accessing a "read only" data file (note 2).
This brings me to my main point (finally!). Banks need a "read-only" account access option (note 3). Than means no account numbers are shown. No check images are accessible. No personal info is available. And of course, you can’t perform any transactions (note 4). And the read-only password should be different than the "normal" one.
The read-only option would make customers feel more secure about banking online, especially from:
- Mobile phones
- Tablets
- Wifi hotspots
- Hotel rooms
- Friend’s house
- Public terminals
- Home (if you don’t trust your own network)
- PFM or third-party programs (note 3)
With read-only services, bank security folk can ease up on unwieldy password requirements for mobile access. And it might even prevent a crook or two from gaining full account access due.
———————
Notes:
1. The four-digit PIN option is for users that have enabled passcodes for login from the Settings area in the Mint.com app. Otherwise, users must enter their full Mint username and password.
2. While it’s a privacy concern, read-only account access with no login should be an option for a PFM. Of course, you must make it absolutely clear to users the danger of non-password protected data.
3. ING Direct offers read-only access to PFM programs
4. Funds transfers among existing accounts or even to existing billers could be OK, but it muddies the waters a bit from the perspective of the user.