Mint

When it comes to budgeting, you can never have too much help.

Even the most disciplined spenders sometimes need an extra pair of eyes on their finances to keep them on track. Yet, only 41% of Americans use a budget, according to a 2016 study by U.S. Bancorp  (USB) .

Tens of millions of people looking to manage their finances without the work, however, have flocked to Inuit's (INTU) budget app Mint -- popular for its easy and free budgeting services.

However, as with any financial app, safety is a concern -- especially when users are linking bank accounts and private financial information. So, is Mint actually safe? And how does it work?

What is Mint?

Mint is a free budgeting app that syncs users' bank accounts, credit cards, PayPal.com  (PYPL)   accounts and other accounts to help track incoming and outgoing money. The app is part of Intuit (the creator of TurboTax and QuickBooks) and has over  20 million users. Among other services, Mint gives users a free credit score and reminds them when they go over budget.

Mint also tracks users' bills and is able to provide alerts to ensure they won't miss a payment. And, Mint has an online version (www.mint.com) that allows users to manage their finances at home or on their smartphone or other device. Additionally, the app is available for Apple Inc's  (AAPL) iPhone or iPad, as well as Google's  (GOOG)  Android and Microsoft's  (MSFT)  Windows devices.

How Does Mint Work?

As a finance aggregation app, Mint helps users create and manage budgets by using the information from bank accounts, bills, credit or debit cards, and PayPal (PYPL)  and other accounts to track how much money users are taking in and how much they spend.

Once users create an account, they can enter information from almost any U.S.-based financial institution. They can also enter credit or debit card information plus any bills they would like to be reminded to pay or track. Additionally, they can also track loans and investments through the app, including 401(k)s and IRAs. To help users better track and spend, Mint downloads several months of data from accounts, including transactions.

Among other features, Mint allows users to track cash and ATM transactions to ensure they are keeping an eye on all of their spending. With all the funds accounted for, Mint lets users categorize different areas of spending, and the customization feature allows for tagging certain transactions to get a more in-depth analysis of the transaction.

Mint's main categories include overview, transactions, bills, budgets, goals, trends, investments, and ways to save. From there, users can set up alerts for bills or other financial goals.

As its main draw, Mint's budgeting feature allows users to create categories that track their own budgets based on their financial and transaction history and data. The budgets can be set by the week, month or other longer periods of time. And if users go over budget in a particular area or are late on a bill payment, Mint can send reminder alerts or other notifications -- a draw for users who lack discipline.

To promote saving, Mint recommends credit card deals, insurance and a variety of other financial deals. And if users need to keep track of investments, Mint helps them manage their 401(k) or IRA, and even suggests brokerages.

Additionally, Mint provides reports on things like debt, spending, income and even net worth. As an added plus, the service provides a free credit score.

Is Mint Safe?

Perhaps the biggest concern for potential users is - is Mint safe?

The app aggregates financial statements, bills, bank accounts and payment accounts like PayPal. This may worry some, as hacking and security breaches have become common in recent years, even at big banks like JPMorgan Chase & Co.  (JPM) . But how dangerous is aggregating all financial information on one app, really?

Mint uses a variety of financial institution-level security measures including 128-bit SSL encryption, as well as monitoring through third-party sites like TRUSTe and VeriSign. Additionally, Mint uses 256 bit encryption to protect files on the company's servers. The app also uses multi-factor authentication (including security questions), passwords and Touch ID to provide customers with additional security.

Moreover, Mint reportedly hires hackers to test the system's security on a quarterly basis.

Still, how vulnerable is the information to data breaches or hacking?

Big banks are telling users that they are vulnerable when sharing their bank account passwords with third-party sites.

JPMorgan Chase warns users, "If you give out your chase.com user ID and password, you are putting your money at risk."

But competition may be more of the bank's concerns than safety, according to commentary by Mark Ranta, a Mint user and head of digital payments at ACI Worldwide Inc. 

"Mint makes it so I don't have to go to the individual bank sites," Ranta told Reuters in 2015. "They [banks] don't have the opportunity to cross-sell me."

Additionally, while Mint collects data about transaction history, it is not authorized to make transactions for users - relieving users' concerns that hackers could make transactions through the service.

"When you give Mint your bank password, you don't give them permission to make transfers," Lauren Saunders, associate director and managing attorney of the National Consumer Law Center, told Reuters. "You don't need to be a lawyer to understand that you are not a consumer who 'grants authority to make transfers.' You are still outside the provision about giving someone an access device because you didn't give the hacker permission."

Still, are there valid safety concerns for using Mint?

In the event a hacker gets access to a user's information, Mint is designed as a read-only format - meaning that even if as account and information are exposed, the hacker won't be able to do much with it given that full account information and usernames won't be displayed. This is accomplished by Mint sending a token to the linked bank to receive user information in a read-only format when a user first signs up.

The bottom line: Users should proceed at their own risk when sharing bank account information, but rest assured that there are a variety of banking-level security measures that are designed to keep information safe.

Risks and How to Avoid Them

Still, there are some measures users can take to avoid any potential risks to information.

Many of the risks of any kind of hacking - on apps or otherwise - center on old or weak passwords. Mint recommends keeping passwords private and switching them regularly - using a combination of capital letters and numbers.

In addition, if a user's phone is stolen and the Mint account is still activated, there are several different solutions to avoid risk of exposure. Mint uses a four-digit passcode that can be activated through "Settings" on the app that can provide additional security. And, because of Mint's online presence, users can deactivate, delete or switch off mobile in the event of a stolen device.