1May
I linked an account with Plaid. If I change my username and password, will that mostly protect me in the event of a breach?
This is very similar to this question from 5 years ago, but I didn't see a clear answer: Is Plaid safe if I change the password after deposit?
I've linked an account with Plaid. That account is 2FA enabled (google-type authenticator). As I understand it, Plaid now potentially has my username and password stored somewhere. Now let's say that I change my username and password to something that isn't in Plaid.
Am I now mostly protected against a malicious actor logging into my account if they get my username and password from Plaid? What if they take control of Plaid?
I have some more specific subquestions which might get at this as well. I could be misinformed.
- Does Plaid get my new username and password when I change them? (I'm pretty sure no)
- Does Plaid get some other credential thingy that it can use to bypass my username and password, move money around, and view my account information? (I'm pretty sure no, except I think they might have my SSN and things like that potentially)
- Can Plaid access my account without my authorization, even though they don't have my 2FA? (I'm pretty sure yes)
- Can Plaid still access my account without even after I change my username and password? (not sure) What about if I use the Plaid portal to remove all connections associated with this account, then delete that account from the Plaid Portal? (not sure)
- If a malicious actor got my username and password from Plaid but didn't get anything else, could they get into my account without 2FA? (I'm pretty sure no)
- Is there a straightforward way to get Plaid to delete my login credentials and sensitive identifiers? (Pretty sure no)