Password managers can help you identify when you’re on the site you want, or might be somewhere you do not intend. By comparing the url of the site you’re on, to the urls saved in the password manager, the password manager can indirectly alert you to a suspicious situation.
Here’s an example. In the Robinhood app (which registers on iOS as Robinhood.com), you are prompted for a Wells Fargo account and password.
This sure looks a lot like Wells Fargo, but the password manager (Dashlane) tells you it detected that you’re actually entering this information on Robinhood.com.
If you ever find yourself in a situation where your password manager credentials don’t match or don’t autocomplete on a site where you expect they should, it should set off all sorts of alarms in your head.
This is not the login page for the site you think you’re on.
So then why does Robinhood make it seem like you are entering your information on Well Fargo?
In this case, the app is not trying to steal your bank information (or so they say), instead, it’s trying to help you log in quickly, so you can get back to using the app as soon as possible.
Robinhood, like many other financial apps, uses a service called Plaid (owned by Visa) to sign in to your bank accounts. Plaid touts itself as “The easiest way for users to connect their financial accounts to an app”. Incidentally it’s also the easiest way to condition people to fall for phishing schemes.
“Secure and private”, or “encrypted transfers and no access by Robinhood”, boils down to you trusting Plaid with your financial account information.
Is using Plaid any worse than sending your bank account and routing numbers? Well, at least you can change your password easily enough after giving your old one to Plaid. Changing a bank account is a bit more cumbersome.
Just be aware, the same tricks Plaid is using to make you think you’re logging into your bank can be used by more nefarious actors. And if you’re not using a password manager to help you recognize these tricks, you just might fall for one.
Stay safe. Wash your hands. Wear a mask. And use a password manager 🧼
Ryan's Blog 