At least you are logged out automatically after ten minutes. But if you've ever submitted a password reset request on the Mint.com web site, the link stays active for a long time, much too long. It was still active a month after the request. I emailed the webmaster as I couldn't find any other contact address on the site, and got back a boilerplate response, naturally:
Please do the following to recover your password:
1. Go to the login page at: https://wwws.mint.com/recovery.event
2. Click on the “recover it” link next to “forgot your password”.
3. Enter in the email address you used to create your Mint account.
4. An email will be sent to the email address you specified (note: the link is valid for only two hours).
5. If you don’t see the information in your inbox, please be sure to check your spam and bulk mail folders as well (ISPs sometimes route emails to these folders).
At least the email got through to a person and didn't sit around forever in unread email lalaland. You have to give them credit on that, in this age of email inundation. On a tangent, is knowledge management the solution? Back to the topic, I emailed them saying that email can be captured and snooped. All I ever got back was the standard "a highly trained team of monkeys is feverishly working on the situation" automatic reply email.
Today I reset my password again, and the same thing happens. The reset link stays alive after using it. It's not a big deal if you use the link, because you'll notice if someone snooped and reset it. You'd think Mint would send an email alerting you that your password has changed.
Here's the reset email:
This email was sent in response to your request to recover your password. To reset your password and access your account, click on the link below.Also they are using a google analytics urchin tracking link, which is kind of irksome for the paranoidal borderline-schizo types like me.
Reset your password [https://wwws.mint.com/recovery.event?username=email@example.com&token=xxxxxxxxxxxxxxxxxxxx&utm_source=xxx&utm_medium=xxx&utm_content=xxx]
The link will reset your forgotten password, and let you create a new one. For security purposes, this link will remain active only for the next 2 hours.
If you did not request that we send this Forgotten Password email to you, please report this email to us at: support@mint.com
Thank you for using Mint.com!
Cheers,
The Mint Team
One final thing, I also get a "Connection Partially Encrypted" message in the Firefox "Page Info" window.