Encryption

My credit card number was recently compromised, probably through an on-line merchant, although there is no way of knowing. I've suffered no loss and of course the bank has changed my number. The whole affair has forced me to think about security much more seriously, however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on my laptop. The files contain my credit card number. I think they must if statement downloads are to work properly. If physical access to either of these machines is obtained by a thief those accounts are compromised; I wouldn't be surprised to find my social security number somewhere in the machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or EXCEL there are easily available password crackers which open encrypted files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof

Reply to
formerprof

Quicken's PIN Vault protects login names and passwords. I've never heard of it being cracked. Quicken verifies your PINVault (master) password with every use. Likewise, use of SSL prevents a wiretapper from snatching your password off the wire. Now, if you leave your Quicken open with confidential info showing, there's nothing you can do. You might as well publish it in the newspaper. Likewise, you trust the banks, credit card companies and mutual fund companies to not divulge your info. So as usual, it comes down to knowing who you are dealing with.

Reply to
Stubby

Semi on/off topic...

Citibank has something they call Virtual Account Numbers (VANs)...

You create a VAN on the fly, which is linked to your real account number.

The VAN has a number of options, one of which is limiting the amount of money available to that particular VAN.

Your real account number never leaves home.

Notan

Reply to
Notan

You can buy a program for $45 to break the file encryption. See

formatting link

Reply to
Charlie K

Citi only stores the last 4 digits of your credit card number in Quicken 2006 Premier H&B, at least, from what I can tell. Even if a hacker cracked your online ID and password, the web site only displays the last 4 digits as well.

As Notan pointed out, Citi cards also let you create virtual account numbers.

All my other credit cards store the full account number in Quicken 2006 Premier H&B.

Bob

Reply to
Bob Wang

While Quicken may only *display* the last 4 digits, and likewise perhaps the site only displays the last 4, if the full number is required for logging into the site then it follows that Quicken would need to know the full number in order to connect to the web site.

Personally I hate accounts that do not display the full account number. Often I'm in front of Quicken and need to call the credit card company. Invariably they'll ask me for my account number. Usually I just go to the account details to see it but, as you say, some of them don't. That's frustrating!

The basic premise that I hold is that real security stops when the thief can physically get a hold of the machine. Not 100% true but mostly true.

Reply to
Andrew DeFaria

This probably doesn't directly address all of your concerns, but it might help. First, let me say that I don't download credit card transactions into Quicken. Therefore, I have no account numbers stored in Quicken.

In regard to your laptop being stolen, etc. -- I use a program that I downloaded called Folder Lock. I believe it costs about $30 or so. It allows me to encrypt any files that I want to on my PC or laptop. I have all of my Quicken files in that encrypted folder. The folder is not only encrypted, but it isn't even visible to the casual user.

Of course, it takes a few extra seconds to get into Quicken, since I need to enter a password into Folder Lock, but I find that's a small price to pay for a little peace of mind.

Just a thought.

Reply to
BRH

It could have been compromised in any number of ways. Personally, I think it's safer to use a reliable online merchant than to give your card to a waiter in a restaurant.

Use a good encryption program, and keep your Quicken data file encrypted. If the computers are compromised, the data will be secured.

Go to

formatting link
and download TrueCrypt. It's free, open source, and extremely secure. The user guide will give you a good idea about how it's used.

Using TrueCrypt, create an encrypted virtual disk - it's a file on your computer that is entirely encrypted, but can be mounted as if it was a separate disk drive, with its own drive letter. Make sure to use a strong passphrase to secure it (see

formatting link
for info on strong passphrases). Move your Quicken data files into the secured disk, along with any other data you would like to remain secure.

To access the data, you "mount" the drive using TrueCrypt, and then open Quicken, which can then access your data files normally, and save any changes. When you want the data to be secured, just unmount the drive. If anybody gets access to your system, they won't be able to access your data in any way unless the drive is mounted.

TrueCrypt has an option that will automatically dismount any encrypted volumes when the screen saver activates or after a specified amount of time.

Basically, if you keep your data secure, it doesn't matter if your computer is compromised. As long as you have a secure passphrase for the TrueCrypt file, there isn't any way that anybody is going to get at your data.

Reply to
Antoine Mitchell

Many thanks to those who responded. I think that BRH's solution -- independent encryption of the Quicken data -- fits best for me and certainly requires the smallest adjustment of the way I like to work. Good wishes to all.

formerprof

Reply to
formerprof

You do know that NTFS has Encrypted File System (EFS) built in, don't you?

Reply to
Andrew DeFaria

A few other *very* easy to use programs are available at

formatting link
Have a look at Magic Folders and Encrypted Magic Folders.

Notan

Reply to
Notan

The account numbers, though, are not "vaulted," are they? I think the OP was concerned about the acct numbers themselves being accessible if the laptop fell into the wrong hands.

Reply to
DP

I haven't read through all the answers to your query yet, but here goes...

Make sure your PCs are secure from trojans, spyware and other malware. Your credit card may have been lifted by spyware running on your own PC.

Store your Quicken data (and any other critical data) on an encrypted drive. Don't rely on Windows' built-in encryption and security. Microsoft takes too many shortcuts in the security realm.

Some security products that may be useful in encrypting your data:

Steganos Security Suite

formatting link
I use Steganos Safe
formatting link

Open source disk encrypter (runs on Windows and Linux)

formatting link

Reply to
bjn

Make sure you look for 256-bit AES encryption capability. That level of encryption is high enough that, even if your laptop is stolen, your data will be reasonably safe. If you are not comfortable with the level of protection that 256-bit AES provides, then the data should not be on a laptop.

Reply to
bjn

Well, how "true" that is depends upon what level of security you need.

For example, 256-bit AES encryption is used by the US Government for Top Secret messages, yet those messages do not always remain in the physical possession of the US Gov.

True, nothing is ever 100% secure (even if you retain physical security of your PC) but your assertion is a bit exaggerated.

Since the free, open-source TrueCrypt product (mentioned earlier by me and someone else) has 256-bit AES encryption ability, there's really little reason not to use that level of encryption.

btw, Apple's OS-X uses 128-bit AES for its built-in file and drive encryption.

One thing about Windows NTFS encryption - only the exact user account that created the files can access them. If you delete your user account, and recreate the account with exactly the same username, you will not be able to see your encrypted files because your new account was not the exact account that created them. Think about this when you think about wipe and restore of hard disks.....

Reply to
bjn

By and large and for all intents and purposes here for a simple home user with Quicken - it's true.

This is not the NSA, we're not talking spies here ya know.

Exactly

Actually there's really little reason to use it considering the chances of it being needed. Then again I've always found it extremely difficult to reason with paranoid people because if there's one tiny iota of a chance they will constantly argue without. It's like trying to explain to avid lottery players that the odds are really slim....

Whop T Do!

That's why you back things up.

Quite frankly, I don't think in terms of wiping and restoring hard disks...

Reply to
Andrew DeFaria

Too many disclaimers in that sentence for it to be of any use.

Correct, we were not talking about spies, we were talking about computer security. I was merely illustrating how your comment was an exaggeration. Since you agreed with me that you exaggerated, ....

So we agree that you exaggerated.

Security is always a balance of how much do you need vs. how much trouble you have to go through to obtain it. Some of the security products are surprisingly easy to set up and use, and do not get in the way of your routines.

Your attempt to divert the discussion to paranoia merely illustrates how little you know about the topic.

It was just a little side commentary. It's a shame your ego seems to get in the way of your message all the time.

Backups may not help in this area. Unless, of course, you back up unencrypted copies. That, then, opens up another possible security hole.

That's a shame. Even Microsoft is telling Windows users that the only way to eliminate some spyware is to erase and reformat the disk. Do you really think you should take such a lackadaisical approach to others' data?

Reply to
bjn

I'd like to echo another post in this thread that recommends TrueCrypt. For a variety of reasons related to my travel, both domestically and internationally, I recently (in March) began running Quicken 2006 from my laptop, always out of a TrueCrypt-encrypted disk. It works excellently for my needs and in real time.

Reply to
RWEmerson

I don't have an answer to that, but isn't it true that Microsoft file encryption is available with XP Pro but not with XP home? If so, that would make a difference to some users. MS may not even be an option for them.

Reply to
DP

Is there some way that TrueCrypt is better than the standard Microsoft Encrypted File System? I have not experimented with either.

Reply to
Stubby
