Loading Profile...
Twitter,
Facebook, or email.
problem connecting E*TRADE account with RSA token
I am unable to connect to E*TRADE account. I do have the RSA token from E*TRADE that is used during the login and I wonder if that has something to do with it.
Official
Responses
-
To our valued users,
My apologies. What I really wanted to say is that you can disable the MFA security only if you feel confident while we are doing our best to resolve the issue. The message though came off bad is an honest mistake. Please allow me to rephrase and elaborate what I previously said.
Currently, Mint will not be able to link to E*Trade accounts with RSA Tokens. If the RSA is disabled, that is the only way the user gets to add the account to Mint successfully. However, it is the user's choice if he wants it deactivated. Of course, beware of the possibility of security breach.
What other users do is they disable the MFA security only at the time they add the account to Mint and every time they want to update the account within Mint. Once account is added and account balance and transactions are updated in Mint, they go back to their online banking to re-enable the security.
Here's the step-by-step workaround:
1. Disable enhanced MFA security from the online banking site.
2. Log in to Mint.com to add the account or manually update it. To update the account, hit "Fix It", then re-enter the correct credentials. This will force the system to connect to the account.
3. After successful authentication and update, go back to the online banking site to re-enable the the enhanced MFA security.
While the MFA security remains enabled, the account in Mint will be in error state. Although this is laborious, others do this to be able to add or manually update their accounts so they can continually see the whole picture of their finances in Mint.
Again, my apologies. -
EMPLOYEE
I’m
sad
Hi Minters,
We would like to advise that as of the moment, Mint cannot support accounts with RSA Token.
If you can disable this enhanced security from your account, we suggest you do so. This way, you will be able to add it to Mint.
We are still looking into developing support for this form of enhanced Multi Factor authentication security.
We do apologize for the inconvenience. Good day!
-
I see it can get the list of my accounts, but no balances. And it keeps saying there is a problem. So it sounds like it's a communication / data mapping issue between e-trade and mint, and not necessarily anything to do with the RSA token.Comment
-
-
I was able to connect and then it stopped updating and won't start no matter. I did close one account . Would that do it? -
-
I found that if you modify the password with your etrade password & current security key (just like you would if you are logging in to e*trade directly) the sync works.
Unfortunately, you have to do this every time you log into mint.- view 1 more comment
-
-
This doesn't work for me either. I experience the same issue that artemb does where it immediately says the loging failed.
-
-
Doesn't work, whether I use password and key or just password. It worked with Pageonce, so it is a Mint issue not an Etrade issue.
-
-
-
-
It doesn't work for me. I re-enter the RSA key right when it refreshes to see if it will work that way but it doesn't.
-
-
I’m
sad
I just keep my base password (without the RSA key) and go to E*Trade every time I want to log into Mint to disable the key until Mint updates, then re-enable it.
From E*Trade:
My Info > Security & Passwords > Digital Security ID
There's also something in Mint's support forums saying they know about it and plan to have it fixed sometime this year, but I can't seem to get to the forums at the moment. -
-
I’m
sad
Really need to access etrade without disabling RSA. How does Quicken do it! -
-
All E*Trade account holders with the token have this problem it seems. Why hasn't Mint responded in this forum with an update? -
-
I’m
kidding
Sadly since Mint was acquired by Intuit, we had not seen any customer service response. I think they are all counting their options, and probably don't use mint to do it. -
-
I’m
frustrated
Not surprising. Intuit and customer service is an oxymoron! Same with Quicken.....
-
-
I’m
frustrated
Im having the same problem ... RSA user and i don't want to enable it and disable it\ overtime. Someone has to figure it out. Since Intuit owns quick books they should know how to solve this problem
-
-
I am so appalled by their lack of response on this and other issues. They should really not let people use the account if it is not working. I am facing myriads of issues related to financial transactions. In my opinion the limit of the design has been reached and they just cant handle the modifications without doing a major overhaul. Most of the web2.0 stuff are like that - jazzy but lacking robustness of design and thoroughness in the solution.
-
-
I don't think they can solve RSA log-in issue as a new dynamic number is created each time. The only ones working are accounts not using the token. At least they should acknowledge this as E*Trade is listed as a company they support. Again, that's just Intuit for you.
-
-
I’m
frustrated
Intuit itself has solved the problem. Other account aggregators have also worked it out. So, the solution exists. To me mint is more of a prototypical product not yet ready for the prime time. If they want to work in beta mode then they should also have developers responding and enhancing it regularly. But that is not happening here.
-
-
wasn't aware of that. In that case they do truly suck at this. One reason I don't rely on them to really managing my finances.
-
-
Hi Minters,
I wanted to confirm that we are looking into the issue you are having with E*Trade accounts which has RSA Token. We'll post an update as soon as we have one.
Note: Please do not delete the accounts until we post an update as we need it to be open in order to investigate.
Thank you for your patience in the meantime, we apologize any inconvenience.
Have a great day! -
-
EMPLOYEE
I’m
sad
Hi Minters,
We would like to advise that as of the moment, Mint cannot support accounts with RSA Token.
If you can disable this enhanced security from your account, we suggest you do so. This way, you will be able to add it to Mint.
We are still looking into developing support for this form of enhanced Multi Factor authentication security.
We do apologize for the inconvenience. Good day!- view 1 more comment
-
-
You want me to compromise my security just to see some fancy reports?
-
-
I agree with msw...suggesting that we disable our security token is irresponsible and it a good indicator of how mint feels about security.
-
-
-
-
I’m
irritated
"If you can disable this enhanced security from your account, we suggest you do so. "
I would advise against that one. People with RSA tokens usually have a RSA token for added security because they have 50K plus in investments. Im a day trader with an RSA and would never ever disable it. I have heard horror stories of what can happen and the protection you would have if someone go in your account. Im Sorry MINT.com but I think that is not a good recommendation unless you are will to take on the liability to RSA account holders if there security is breached due to deactivation of there token. The last thing you should recommend to anyone is to downgrade there security top use your product SHAME ON YOU MINT.COM you don't put your clients at risk to solve your problems. That is just plain bad business....-
Second that sentiment! This is a really lame response by Mint. It seems to me that most financial institutions are actually violating a ruling by the federal regulators that stipulates multi-factor authentication as mandatory. Once they are actually enforcing this ruling and more banks and credit unions are complying, as they should, it seems to me that Mint is going to be cooked with their approach!
-
-
Yeah, there is no way I will disable RSA, because I have my Trading, IRA, and Checking with them. I don't even use Mint anymore because of this limitation.
-
-
-
-
-
To our valued users,
My apologies. What I really wanted to say is that you can disable the MFA security only if you feel confident while we are doing our best to resolve the issue. The message though came off bad is an honest mistake. Please allow me to rephrase and elaborate what I previously said.
Currently, Mint will not be able to link to E*Trade accounts with RSA Tokens. If the RSA is disabled, that is the only way the user gets to add the account to Mint successfully. However, it is the user's choice if he wants it deactivated. Of course, beware of the possibility of security breach.
What other users do is they disable the MFA security only at the time they add the account to Mint and every time they want to update the account within Mint. Once account is added and account balance and transactions are updated in Mint, they go back to their online banking to re-enable the security.
Here's the step-by-step workaround:
1. Disable enhanced MFA security from the online banking site.
2. Log in to Mint.com to add the account or manually update it. To update the account, hit "Fix It", then re-enter the correct credentials. This will force the system to connect to the account.
3. After successful authentication and update, go back to the online banking site to re-enable the the enhanced MFA security.
While the MFA security remains enabled, the account in Mint will be in error state. Although this is laborious, others do this to be able to add or manually update their accounts so they can continually see the whole picture of their finances in Mint.
Again, my apologies. -
-
I’m
frustrated
Same problem here with E*Trade the RSA token.
It's strange, though, because I can download from E*Trade in Quicken without using the RSA token. Perhaps Mint could tap into E*Trade in the same way that works (seeing as it only downloads info and doesn't allow transactions to be made). -
-
I’m
indifferent
Simple answer - Mint is rich in presentation but poor in technology. Seems true for most of the 'Web 2.0' products. -
-
Since it's been demonstrated that this is not a universal problem for personal finance clients, is there an ETA for a fix for this for Mint? -
-
I’m
frustrated
Has there been any progress towards a fix for this problem? My understanding is that in the not so distant past, it was if fact possible for third party services using a security token to access E*Trade accounts that have two factor RSA authentication enabled.
Would like to get started using mint but this is a major stumbling block. -
-
I’m
frustrated
I appreciate the apology and re-wording, but still hope to have a resolution soon.
Perhaps mint could try with the username/password that was supplied by the user, and check to see if e*trade throws an error about the RSA key. If it does, pop up a box asking the user to enter one. A simple concatenation of the key to the end of the password would give you a quick, dirty solution to be polished later. Some customers would be annoyed by the hackish attempt, but I assume most would be happy to see any real progress. Besides, it cuts down on several steps and keeps security intact.
A major flaw here, and a driving factor to improve, is that the key expires about every 60 seconds, and depending on response times, it can take more than 30 seconds just to find out if there even is a key. You should time how long it takes from the time the box pops up until the credentials are verified, and put up a note that people should make sure the key they're entering has (static_cast(seconds_til_verification/10.0)) bars left, as the token has up to six bars on the left side of the numbers, each one indicating ten seconds. -
-
I’m
irritated
It's worth noting that my E*trade complete account can be added successfully to my Yodlee account using the same username and password+RSAcode combo that works on the E*Trade web site.
My understanding is that Mint.com uses the Yodlee backend, so this appears to be a problem on Mint's end.-
Two months and still no closer to a resolution. Looks like the Intuit corporate suck has set in and the hey-dey of Mint is over.
-
-
-
-
-
I’m
disappointed.
I feel this is not a good enough workaround.
Why not offer the ability per account to "Not save the password for this account." so that we can enter it when we log in to Mint?
That would cover a whole lot of issues and make a whole lot of people happier with the software. People who don't feel safe with Mint might feel safer this way, and this would solve the RSA problem!
Thanks for taking the time to read this. -
-
I’m
disappointed
I agree that a "don't save the password for this account" option would be nice. What would be more ideal would be for financial institutions to support some sort of limited, read-only API so that I don't have to allow services like Mint to save and utilize the same credentials I use to move money, change my personal info, and do other sensitive things that are completely irrelevant to the service.
You'd think that financial institutions would be on top of the OAuth/OpenID push that's been going on for a while now, since they deal with information that's far more sensitive than that held and exchanged by social networking services. -
-
I’m
miffed
The problem also seems to affect Schwab users with Verisign tokens (which work the same way as RSA securID tokens). It's very surprising that this hasn't been solved yet. The E*Trade RSA securID token worked fine for years on my PC with MS Money without ever having to re-enter the code and apparently Yodlee has no problem either, so I don't see why it isn't easy to solve. I was on the fence about actually setting up my accounts in mint.com, but it looks like it must be "no mint for me."
-
-
I’m
frustrated
Mint,
This is simply an unacceptable "solution" or workaround. Disable/Enable-ing MFA on my account is an 10 minute ordeal. Doing so means I risk locking myself out of my account every time I would want to update Mint. This is just dumb.
What is so difficult about prompting for my PIN and passing that along to the aggregator? My bank requires me to have the RSA token, and Mint is just useless with out my bank data.
Thanks-
Mint,
I don't understand why you guys refuse to fix this extremely annoying problem. It's almost as if you're determined to sabotage your own product and destroy any customer loyalty you have left. Several users have offered perfectly reasonable and workable suggestions that should be simple for you to implement. Instead, we seem to get lame excuses and ridiculous suggestions back from Mint.com
PLEASE LISTEN TO YOUR CUSTOMERS, OR YOU WILL LOSE THEM ONE BY ONE. -
-
-
-
-
I’m
Disappointed
@hdmster: Keep in mind, we are not their customers. We are their _product_.
That said, I would venture to say that the people that have this issue with RSA dongles from etrade are probable a valuable product / demographic (generally high income/net worth).
The fact that customer support keeps closing the issue even when they only provide a work around tells me this is not being escalated to the correct levels or channel.
An insecure work-around does not equal a solution. -
-
I’m
really really frustrated
Still no progress here? It's the only thing holding me back from doing this.
-
-
I’m
shocked at the lack of customer focus.
I'm amazed that mint hasn't solved this problem, or even managed to acknowledge it to the point that the support staff know it exists.
I can't pull info from all my accounts - including etrade - into one place because of this problem. Since that's the fundamental premise of mint, the service is useless to me.-
It's amazing that it's still not working. I can't imagine that its so hard to set up, given all the new stuff that banks are doing to interface with each other.
-
-
-
-
-
I’m
frustrated
Wikinvest works with etrade RSA dongle.
Why doesn't mint?? -
-
As someone said that Yodlee works, I went there to try that and see if I should switch over from Mint. Oddly enough, it would successfully pull my investment info WITHOUT the RSA code. I don't know how that is possible, but it's disconcerting (the RSA tokens show as active in my security settings). It won't even try for my Etrade bank accounts though, saying that Etrade bank is not supported anymore.
-
-
I’m
disapointed
The MS Window's version of Quicken can also get my data without the RSA token. I am trying to switch from desktop version to Mint.com, so I was surprised to see that one of the Quicken products can work with ETrade RSA and the other cannot.
-
-
Why not work out a solution like ING has - where ING issues a special authorization code, you add that to your Mint login to ING and it syncs?
-
-
I’m
disappointed
mint should just prompt for the current etrade password when you log in. It has been 7 months since Mint rep. stated a solution is in progress. I understand this is a free service but etrade is a rather large institution and the RSA token security layer is not too uncommon
-
-
I’m
frustrated
I am an E*Trade user who would like this to be fixed. I've used the workaround of temporarily disabling my RSA token on E*Trade, but Mint locks my E*Trade account by repeatedly trying to log into it with the wrong password after I re-enable the token.
Could Mint try to fix this? E*Trade provides the OFX files with plain username/password authentication. The GNUCash project has some relevant settings listed here: http://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings -
-
I’m
still perplexed that they can't fix this...
www.etrade.com works for me with id and passcode with RSA code. us.etrade.com does not. I can't get all my info downloaded without both for banking and investments.
-
-
I’m
optimistic.
I am able to get all brokerage data down using www.etrade.com and with user id and password alone (no RSA). I have RSA protection enabled, so it must not be required with backend access. I do not have an ETrade bank account, just brokerage.-
Retract. It stopped working. I have to now add current RSA code via "FixIt" to manually force an update, which I will likely keep doing once a week. This change must be related to the change in Mint.com's update backend system happening now. (Note: USAA's money manager aggregator does not require RSA code to retrieve ETrade data at this time.)
-
-
-
-
-
I’m
annoyed
Up until this system upgrade I was able to get around this problem by adding my RSA #'s to the end of my password for bank accounts. (brokerage would work without the RSA #'s, but only after I updated the bank accounts)
Since the recent update (a few weeks ago?) I haven't been able to get mint to look at either bank or brokerage accounts. Very frustrating.
I don't really want to log into etrade and muck with security settings every time i log into mint.
Are there plans to fix this beyond the disable token work around already posted? -
-
I’m
extremely irritated
I just signed up for Mint today and found that I cannot use E*Trade because of the RSA token. The work around identified by Mint is unwieldy. Why can't it just be set up that when you log in to mint, it asks you for your password+token number? I will not be using Mint going forward until this is corrected.
-
-
I’m
disappointed
As a long time user, I would have appreciated a warning before de-supporting e*trade. It basically makes Mint unusable for me.
-
Mint is still very useful for me, especially having an aggregate view of transactions. But I also like having the whole-picture balance, and it is worth me keying the RSA once a week in the FixIt interface (at least for now.) I appreciate the challenge: *we* have decided on the option to have an extra layer of RSA security... why should any aggregator get to bypass that? I considered it, but I've decided to not shut off RSA.
-
-
I was happy to do that for a long time. The 'new' login system which was just activated for my account no longer lets me do that: as far as I can tell, entering pwd+RSA key in the FixIt interface no longer works.
-
-
-
-
-
I’m
frustrated
The other irritating thing about this issue is that mint keeps on locking out my etrade account due to too many failed login attempts.
-
-
FYI - Quicken on my PC was doing the same thing. Not only was Quicken (1) trying to log into my E*Trade account most nights in the middle of the night from my own PC, failing, and therefore locking me out of my own E*Trade account every time I tried to log in to their web site, but also (2) Quicken's server was trying, too (though less frequently). I find it horrifying to think of anyone or anything signing into my financial accounts without my live supervision.
I was able to disable Quicken on my PC from doing its misbehavior by: msconfig.exe > Services tab > uncheck "Intuit Update Service". That won't stop Quicken's/Intuit's (or Mint's) servers from trying, but at least the lockouts have stopped.
How do I know what was trying to dial in? E*Trade keeps track of the IP# of any attempts to log into an account. The history showed my own PC was doing most of the failed attempts at like 1:30am, even though I had not even run Quicken for over a week. One other attempt was from a source that E*Trade recognized as being an Quicken/Intuit server. Quicken Tech Support refused to acknowledge anything and didn't want to me to disable that service, but the proof of the former is that the problem stopped when I disabled that Intuit Update Service.
Too bad my solution won't stop Mint from misbehaving for you. -
-
Thanks. Based on the other issues listed here, like the BofA SafePass problem with the 2000+ followers(!), I think E*Trade + MFA is pretty low on Mint's priority list. Support also seem to be confusing being able to add an account vs. keeping it updated.
I think I'm going to check out indinero.com, it's more geared towards business, but the demo on the site looks like it would work fine for personal finance as well -- there's a free version as well. -
-
I’m
frustrated
Mint could find a fix here, just chooses not to.
-
-
Yeah, just noticed none of my brokerage or banks will update with RSA security. Frustrating...
-
-
Welp, so much for RSA SecurID tokens, their security seems to have been severely degraded:
http://www.rsa.com/node.aspx?id=3872
Might want to make sure you have a good PIN.-
I'm not sure I would say severely degraded. While I have no special knowledge of the circumstances of the attack, RSA is unlikely to have actual customer info. More likely the algorithm mapping a Token ID to a generated code is what got compromised.
While this is not good for RSA, on its own it does not enable attacks on customer accounts. That would require info on which customer account is linked to what token which is hopefully only known to ETrade. Now if they got hacked too... -
-
I'm not sure I would say severely degraded. While I have no special knowledge of the circumstances of the attack, RSA is unlikely to have actual customer info. More likely the algorithm mapping a Token ID to a generated code is what got compromised.
While this is not good for RSA, on its own it does not enable attacks on customer accounts. That would require info on which customer account is linked to what token which is hopefully only known to ETrade. Now if they got hacked too... -
-
-
-
