top | item 45420469

(no title)

evilDagmar | 5 months ago

It's amusing how the article says it's "potentially" in violations of US hacking laws.

That practice is _definitely_ a violation of the Computer Fraud and Abuse Act. No employer's IT is going to have it not be a violation for a user to share their password with someone else, which even in the weakest boilerplate immediately revokes their rights to the account. At that point _any_ use of those credentials is very much a violation of the CFAA.

discuss

wmf|5 months ago

Was Plaid violating CFAA?

mitthrowaway2|5 months ago

I hope so. Asking for your bank account's login is an absurd requirement and breaks all the lessons we work so hard to teach people.

rohan_|5 months ago

IT's policy is more for unauthorized credential sharing to a third party that is not legally acting as a designated data transfer agent. what argyle is doing is legal and fine.