Hi, Ken.
I'm not a world traveler like you, and I seldom even take my netbook for a Wi-Fi excursion, so my security issues are not the same as yours. I've used Quicken's Password Vault for a decade or more without problems. (Well, OK, rare problems, but not of this kind.)
Sometimes I can initiate a second OSU without re-entering my password; other times I must re-enter it, even on the same day, and that is a mild annoyance. I'm not sure if the re-entry requirement is time-based, or if some other event triggers it, but it does not survive restarting Quicken, as you said. Typically, Quicken is the first or second application I start each morning and sometimes it doesn't get shut down until bedtime. I've been surprised a few times to see that my vault password entry still works late in the day; I must have not restarted Q during that day.
While I'm no security guru, as many of our friends are, it's comforting to know that the vault is kept here on my own hard drive and not sent anywhere except to each FI, not even to Quicken.com. It is very inconvenient sometimes that the vault obscures the password, even from me, but I recognize that as another safeguard for me. I can't even change the password in the vault unless I know the current one. My only real security is physical access to my desktop and netbook, both kept here in my home.
The way the vault works suits me - but if I used Quicken the way you do, I'm sure I would share your concerns.
RC
-- -- R. C. White, CPA San Marcos, TX (Retired. No longer licensed to practice public accounting.) snipped-for-privacy@grandecom.net Microsoft Windows MVP (2002-2010) (Using Quicken Deluxe 2013 R 12 and Windows Live Mail in Win8 x64)
I've never used the Password Vault, but was just thinking of trying it. But if I'm right about the way I think is right, I don't want to use it.
So is this correct: After doing a one-step update with the Password Vault, you are never prompted again for the Password Vault's password until Quicken is shut down and restarted?
If so, it seems insecure and I don't want to use it. Also, is there any way to see the password the password vault enters, other than as
*******, or to use the password for anything else but one-step update? If not, the insecurity doesn't bother me as much,if nobody can do anything with my accounts other than a one-step update.
All thoughts on this subject are welcomed.