Jacob Kaplan-Moss

A bit of smart security design from Tiller

I’m trying out Tiller (a service that pulls financial transaction data into Google Sheets), and there’s a nifty bit of security design.

  • Instead of running its own authentication, Tiller has you log in via Google. This means Tiller doesn’t need to do any account management, and my account’s as secure as my Google account.
  • Like all other services in this sector (Mint, Personal Capital, YNAB, etc.), the actual data sync happens via Yodlee. Yodlee is… not great, but it’s at least not worse than what everyone else is doing. And Tiller does the best they can by using Yodlee’s own credential flow, which means your bank login never hits Tiller’s servers.
  • When you set up a sheet, instead of requesting access to Google Sheets, Tiller creates the sheet using a bot account, then shares it with you. This means Tiller only has access to the specific spreadsheets it manages, not your entire drive.

There’s always a bit of inherent risk in services like this, and I’m pleased to see that someone at Tiller clearly thought very carefully about the risk model, and designed things to be about as safe as they could be.