I'm trying Simplifi, and one thing that is extremely frustrating is that I am getting prompted for MFA codes *constantly*. The Bank of America one comes up every time I sign in to Simplifi. The Chase one every few days.
I was trying to figure out why this was happening at such an alarming rate with Simplifi compared to Mint. Then I realized, Mint uses the OAuth APIs for both banks.
Bank of America:
https://developer.bankofamerica.com/#/home
Chase:
https://developer.chase.com/products/aggregation-fdx/guides/getting-started
I can only imagine there are other examples of this. It should be standard practice to use OAuth whenever it is available. The benefits are manifold:
- OAuth doesn’t require you to share your usernames and passwords with Simplifi.
- OAuth gives you full control and visibility into the data you choose to share. You don't have to share all of the accounts you have at an institution with Simplifi.
- OAuth allows you to track which financial aggregators have access to your account data and terminate it on a per-aggregator basis without having to change your password and reset access to all of them.
- OAuth doesn't require constant MFA re-authentication.
OAuth is the right choice for my security (and convenience) and that of all Simplifi customers. Will Simplifi commit to using OAuth for every institution that makes it available?