Password Vault

Ken Blake wrote in news: snipped-for-privacy@4ax.com:

Someone could come along and initiate another OSU. But that security exposure pales in comparision to leaving Quicken open on an unsecure PC.

Someone could do another one-step update, but so what? That's inconsequen tial compared to using the same password on the vault and on other sites th at require a password. You can use the vault password anywhere you want, b ut I'm sure you know that you're supposed to vary passwords (I'm not a mode l for this rule, unfortunately). I have yet to have a problem with anyon e violating my security just from using the password on my Quicken password vault.

I don't use one-step update currently but do have the vault password protected. Use to use it a lot and never had any problems.

But whenever I use it on my laptop I do password protect the program also.

I NEVER use the same password twice. Use Password Pro 6 to generate different strong passwords for everything.

TG

I use OSU every day, and it ALWAYS asks for the vault pasword.

"Ken Blake"

I've never used the Password Vault, but was just thinking of trying it. But if I'm right about the way I think is right, I don't want to use it.

So is this correct: After doing a one-step update with the Password Vault, you are never prompted again for the Password Vault's password until Quicken is shut down and restarted?

--------------------------------------------------------------------

Actually, I believe there is a time limit, but I'm not sure exactly how long it is (maybe 4 hours?). If you haven't utilized the Vault for that length of time (while Quicken has been continuously running), then try to open the Vault or do an OSU, you get asked for the password again.

Interesting, thanks; a time limit hadn't occurred to me. I'm still not crazy about its not asking for it every time, so I think I'll forgo the use of the Password Vault.

Hi, Ken.

I'm not a world traveler like you, and I seldom even take my netbook for a Wi-Fi excursion, so my security issues are not the same as yours. I've used Quicken's Password Vault for a decade or more without problems. (Well, OK, rare problems, but not of this kind.)

Sometimes I can initiate a second OSU without re-entering my password; other times I must re-enter it, even on the same day, and that is a mild annoyance. I'm not sure if the re-entry requirement is time-based, or if some other event triggers it, but it does not survive restarting Quicken, as you said. Typically, Quicken is the first or second application I start each morning and sometimes it doesn't get shut down until bedtime. I've been surprised a few times to see that my vault password entry still works late in the day; I must have not restarted Q during that day.

While I'm no security guru, as many of our friends are, it's comforting to know that the vault is kept here on my own hard drive and not sent anywhere except to each FI, not even to Quicken.com. It is very inconvenient sometimes that the vault obscures the password, even from me, but I recognize that as another safeguard for me. I can't even change the password in the vault unless I know the current one. My only real security is physical access to my desktop and netbook, both kept here in my home.

The way the vault works suits me - but if I used Quicken the way you do, I'm sure I would share your concerns.

RC

-- -- R. C. White, CPA San Marcos, TX (Retired. No longer licensed to practice public accounting.) snipped-for-privacy@grandecom.net Microsoft Windows MVP (2002-2010) (Using Quicken Deluxe 2013 R 12 and Windows Live Mail in Win8 x64)

I've never used the Password Vault, but was just thinking of trying it. But if I'm right about the way I think is right, I don't want to use it.

So is this correct: After doing a one-step update with the Password Vault, you are never prompted again for the Password Vault's password until Quicken is shut down and restarted?

If so, it seems insecure and I don't want to use it. Also, is there any way to see the password the password vault enters, other than as

*******, or to use the password for anything else but one-step update? If not, the insecurity doesn't bother me as much,if nobody can do anything with my accounts other than a one-step update.

All thoughts on this subject are welcomed.

We're doing much less traveling this year, as a result of my wife's accident last November, but I hope to do some more traveling starting next year. The older I get, the more I want to travel while I still can.

I suspect our security issues are closer than you think. I take my Netbook when I travel, but it's almost exclusively for e-mail; I don't even have Quicken installed on it. If I were to lose the netbook, it would hurt, but the pain would be mostly financial; there's almost nothing there that would affect my security.

LOL! You probably know my standard answer to comments like that: "I drove a car without wearing a seatbelt for a decade or more without problems." Concern should be over the risk of problems, not about the history of them.

I think my view is the opposite of yours here: I would use the password vault if I had to reenter the password every time I ran OSU. I don't like the password staying in effect.

I have Quicken autostarting here. OSU is one of the first things I do each morning, so I don't start Quicken manually.

I don't shut down Quicken or anything else at bedtime. Windows and the handful of applications that I use the most run all the time (except when I'm away on vacation) and get restarted perhaps once a week or so.

I don't at all mind its obscuring the passwords. In fact, that was at the heart of my initial question about this. Given that nobody can see any of the FI passwords, what is the security risk of the Security Vault password staying in force? Even if someone were to steal my computer, could he do anything more at the FIs than just OSU? I'm not sure, but if he couldn't do any more, maybe my concern over the Security Vault password's staying in force isn't warranted.

Yes, I know. And that's good!

The same is largely true for me regarding the desktop, and as I said above, there's nothing on the netbook that really needs security, so I'm not worried about it.

I suspect that we don't use it very differently at all.

Also, if you backup your Quicken file (always a good idea), you will have to re-enter the vault password to do online transactions even if you do not exit Quicken.