Hi! I just want to call out a few points in slenderwin's post, and point out some of the implications. (I'm not associated with Mint, but I am professionally familiar with password cryptography.)

For passwords to Mint itself, we compute a secure hash of the user's chosen password and store only the hash

This is standard practice. Companies use a one-way algorithm like bcrypt, scrypt, PBKDF2, and there are others. (Raw MD5 and SHA1 are not considered acceptable password hashes.)

This cannot be used for storing your bank account credentials, because Mint needs to use your REAL password to log in to your bank. Just like you need it.

For banking credentials, we generally must use reversible encryption for which we have special procedures and secure hardware kept in our secure and guarded datacenter.

In other words: Yes, we store your passwords, and with the right attack vector, someone could steal your bank account credentials. You can read the rest of the paragraph and decide for yourself how well-protected you consider your passwords at Mint. (What if someone was able to steal the password after it was decrypted, even with all their smartkeys and intelliboxes? Maybe while the password was in transit to your bank?)

About hashing:

Hashes are no good for logging in. If a service stored your hash, and someone stole that, then they would be able to log in with just the hash. This defeats the whole point of hashing a password, which is to prevent people from discovering your password, even if they get a copy of the service's user database!

About storing login credentials to third-party services:

Banks are behind the times. No surprise there. They should really be using a protocol like OAuth, which Twitter, Google, Facebook, and many others use. There are other protocols, and variations on OAuth, but they basically all end up the same way:

Your bank would give Mint a token, that is NOT connected to your password, that Mint can use to access your bank account.

This has some good implications:

1. If your bank account is compromised, your bank can identify whether it was compromised using your password, or the Mint token, and find out whether the compromise was your fault or Mint's.

2. Mint doesn't have to save passwords. Great! The token still needs to be kept safe, though, because it allows some level of access to your account.

3. Your bank can grant ONLY the required access that Mint needs. eg. No bill payments, withdrawals, password changes etc. if they are using the access token to view your account.

4. You can change your password without breaking Mint's access.

5. You can revoke Mint's access token at any time, through your bank, without changing your password; and you can be satisfied that it's really changed.

I, for one, am happy not to use Mint until my banks support OAuth and Mint uses that. Too much risk involved in giving them your password, and anyway, my bank reportedly refuses to support me against fraud if I've "given away my password".