
Any good security practices?

TyrannicalDuncery3
Regular Contributor

Re: Any good security practices?

Thanks!

 

I went and deleted stuff in the Plaid portal. In order to find everything, I had to add some accounts. In doing that, I added a few accounts that didn't have anything. So I guess now Plaid has that information too.

 

But they did say that they were deleting the data associated with those accounts. If that means they are deleting my credentials from their side and not tracking my password updates anymore, then great. But I don't really believe a word they say so....

Message 11 of 18
kremonis
Frequent Contributor

Re: Any good security practices?

One thing I do is, when offered security questions, I use ones that don't apply to me. For example, if single, I would answer the question "Where did you spend your honeymoon?" It cannot be guessed or found in public records because it does not apply to me. Then make the answer a long, random, alphanumeric string.

Message 12 of 18
Anonymalous
Valued Contributor

Re: Any good security practices?


@kremonis wrote:

One thing I do is, when offered security questions, I use ones that don't apply to me. For example, if single, I would answer the question "Where did you spend your honeymoon?" It cannot be guessed or found in public records because it does not apply to me. Then make the answer a long, random, alphanumeric string.


That brings up an interesting issue, which is there's been a seismic change in the last few years in the thinking about passwords. The National Institute of Standards and Technology (NIST) did a lot of research on human behavior, and it turns out requiring complexity (upper/lowercase, symbols, numbers) makes passwords easier to crack. One reason is people follow very predictable patterns when forced to add a number and a symbol to their passwords. Hackers already have dictionaries of all the common passwords, and it requires a relatively small additional amount of effort and computing power to account for simple variants like adding a 1 and a ! at the end. Complexity also means people write down their passwords, which is another giant security vulnerability.

 

And it turns out the additional complexity of a random string of all possible letters, numbers, symbols, and cases isn't really that important, because you can reach equivalent password strength just by making the password a few characters longer. That's because each additional character geometrically increases the time required to guess the password.

 

That's why the NIST recommended increasing the length of passwords, and getting rid of complexity requirements (among other things, like strongly pushing toward multi-factor authentication). If you don't know, the NIST guidelines are the gold standard. They're not just required for government systems, but widely adopted in the private sector. Here's the full document:

https://pages.nist.gov/800-63-3/sp800-63b.html

 

The old XKCD comic has one technique for picking a long but easily memorable password:

https://xkcd.com/936/

Just don't pick anything that's searchable. Every line of text and lyric has probably been scanned, so even the refrain from an obscure song is a bad idea.

 

Message 13 of 18
Horseshoez
Senior Contributor

Re: Any good security practices?


@Anonymalous wrote:

@kremonis wrote:

One thing I do is, when offered security questions, I use ones that don't apply to me. For example, if single, I would answer the question "Where did you spend your honeymoon?" It cannot be guessed or found in public records because it does not apply to me. Then make the answer a long, random, alphanumeric string.


That brings up an interesting issue, which is there's been a seismic change in the last few years in the thinking about passwords. The National Institute of Standards and Technology (NIST) did a lot of research on human behavior, and it turns out requiring complexity (upper/lowercase, symbols, numbers) makes passwords easier to crack. One reason is people follow very predictable patterns when forced to add a number and a symbol to their passwords. Hackers already have dictionaries of all the common passwords, and it requires a relatively small additional amount of effort and computing power to account for simple variants like adding a 1 and a ! at the end. Complexity also means people write down their passwords, which is another giant security vulnerability.

 

And it turns out the additional complexity of a random string of all possible letters, numbers, symbols, and cases isn't really that important, because you can reach equivalent password strength just by making the password a few characters longer. That's because each additional character geometrically increases the time required to guess the password.

 

That's why the NIST recommended increasing the length of passwords, and getting rid of complexity requirements (among other things, like strongly pushing toward multi-factor authentication). If you don't know, the NIST guidelines are the gold standard. They're not just required for government systems, but widely adopted in the private sector. Here's the full document:

https://pages.nist.gov/800-63-3/sp800-63b.html

 

The old XKCD comic has one technique for picking a long but easily memorable password:

https://xkcd.com/936/

Just don't pick anything that's searchable. Every line of text and lyric has probably been scanned, so even the refrain from an obscure song is a bad idea.

 


I agree with everything you wrote except one small hair to split; you wrote, "That's because each additional character geometrically increases the time required to guess the password."

 

I would argue the sentence should have said, "That's because each additional character exponentially increases the time required to guess the password."

Message 14 of 18
Anonymalous
Valued Contributor

Re: Any good security practices?


@Horseshoez wrote:


I agree with everything you wrote except one small hair to split; you wrote, "That's because each additional character geometrically increases the time required to guess the password."

 

I would argue the sentence should have said, "That's because each additional character exponentially increases the time required to guess the password."


Geometric is correct. A geometric series is one where values are multiplied by a fixed amount at discrete intervals, which is how password strength works. You can't increase the number of characters in a password by 0.25 or 3.71, after all.

 

You could use exponential, because a geometric series is just an exponential function sampled at periodic intervals. But geometric is a more precise term.

 

 

Message 15 of 18
FicoMike0
Valued Contributor

Re: Any good security practices?

I agree, it is geometric. Each additional character increases the number of combinations by a factor equal to the total number of possible characters. Uppercase + lowercase + numbers = 26+26+10 = 62. Special characters tend to be harder to count; do you include ~, |, <, >, ^? Some don't even allow blank.

I remember back in pre-PC times we used dumb terminals. An associate came up with trick passwords. They looked simple, like his name, but there was a space at the end. The real trick was, the space wasn't a blank, it was a different non-printable character.

Message 16 of 18
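The arithmetic behind the last three posts (a few extra characters making up for dropped complexity, the per-character multiplication that makes the growth geometric, and FicoMike0's 62-symbol count), worked through as an added example. This is not code from any poster, from NIST, or from XKCD; the charset sizes, the 2048-word list size, and the guessing rate are assumptions chosen for illustration.

```python
import math

# Charset sizes assumed for this example:
#   62   = 26 lowercase + 26 uppercase + 10 digits (the count given in the thread)
#   95   = all printable ASCII, space included (one answer to "do you include ~, |, <, >, ^?")
#   2048 = size of a word list like the one behind the XKCD "four random words" idea
#          (2^11 words, so each randomly chosen word is worth exactly 11 bits)
CHARSETS = {
    "lowercase": 26,
    "alphanumeric": 62,
    "printable_ascii": 95,
    "xkcd_word": 2048,
}


def search_space(symbols: int, length: int) -> int:
    """Number of distinct secrets of `length` symbols drawn uniformly from `symbols` choices.
    Every extra symbol multiplies the count by `symbols`: a geometric progression in length."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Strength in bits of a uniformly random secret: log2(symbols ** length)."""
    return length * math.log2(symbols)


def growth_factor(symbols: int, extra: int) -> int:
    """How many times larger the search space becomes after appending `extra` random symbols."""
    return symbols ** extra


def length_to_match(target_bits: float, symbols: int) -> int:
    """Smallest length over `symbols` choices whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(symbols))


def extra_length_needed(symbols_a: int, length_a: int, symbols_b: int) -> int:
    """Extra symbols needed so a random secret over charset B is at least as strong as
    `length_a` random symbols over charset A. Negative means B already wins at length_a."""
    return length_to_match(entropy_bits(symbols_a, length_a), symbols_b) - length_a


def guess_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a uniformly random secret (half the space) at an assumed
    guessing rate. The rate is a placeholder; real rates depend on the password hash
    and on the attacker's hardware, so only compare values relative to each other."""
    return 2.0 ** bits / 2.0 / guesses_per_second


def comparison_table(lengths=range(8, 17)) -> list:
    """Rows of (length, {charset name: bits}) for a side-by-side view of length vs charset."""
    return [
        (n, {name: round(entropy_bits(size, n), 1) for name, size in CHARSETS.items()})
        for n in lengths
    ]


if __name__ == "__main__":
    # The thread's claim: length compensates for complexity.
    print("10 random alphanumerics:", round(entropy_bits(62, 10), 1), "bits")
    print("lowercase letters needed to match that:", length_to_match(entropy_bits(62, 10), 26))
    print("12 printable-ASCII chars vs lowercase: need", extra_length_needed(95, 12, 26), "more letters")
    # Four words from a 2048-word list give 44 bits, but only when the words are chosen
    # at random; a lyric or a quoted line is one entry in a word list, not four random draws.
    print("four random words:", entropy_bits(2048, 4), "bits")
    for n, bits in comparison_table():
        print(n, bits)
```

The numbers say what the posts said: 10 random alphanumeric characters (about 59.5 bits) are matched by 13 random lowercase letters, and the geometric step is visible in `growth_factor`, where each added character multiplies the space by the charset size rather than adding to it. All of this assumes the secret is chosen uniformly at random; a human-chosen string that follows a pattern has far fewer effective bits than the table suggests, which is the NIST point about predictable variants.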
Snook_on_the_Line
Established Contributor

Re: Any good security practices?


@Anonymalous wrote:

Your email should be your most secure account, followed by financials. That's because email can be used to unlock other accounts.

 

If a site still follows bad practices and asks you to enter security questions, lie. Don't tell them the first street you lived in, the city where you got married, or any of that. Too much of that can be culled from public sources. Instead, make something up.

 

Never, ever, under any circumstances, use a service that uses Plaid.

 


This^^^^^^^
I had an email hacked and they had a field day spending up my SunTrust checking and savings through PayPal.
The "was this you?", "password recently changed", and 2FA emails were going to the crook because they had access to the email.

And yeah, the time I used Plaid for verification I immediately changed my login info, because it just left me feeling dirty providing it to Plaid. I don't understand why ANY bank uses it. EWS will give them all the info they need with just name and DOB.



Message 17 of 18
Snook_on_the_Line
Established Contributor

Re: Any good security practices?

I also use a private browser for everything financially related.

Current FOTM is DuckDuckGo.

It deletes all cookies, downloaded email attachments, browsing history, open tabs, etc. every time I close the app.
I also have it set up so that if I put my phone down for a few minutes with it open or in the background, it auto-clears everything.
Or you just click the little 🔥 button at the bottom and *poof*, everything is gone.

In the settings you can set it up to never remember passwords or autofill data.

Working pretty well for me so far.



Message 18 of 18