Pin vault

Rather than having to enter a PIN for each institution you're doing transactions with, the Pin Vault stores all the PINs in one place.

What version are you using?

Have you tried the Help files, from within Quicken?

Notan

Mac 2004

So it just stores them? It doesn't allow you to automatically log on?

Key chain in the Mac OS automatically logs on to websties that require a password. But that doesn't work at my bank.

I was trying to get around typing in passwords.

Notan wrote:

The Pin Vault stores pins for financial institutions that permit "direct" downloading; you enter one password, the Pin Vault password, then Quicken uses the pins in the Pin Vault to supply pins to each fi that is direct downloaded.

The Pin Vault is not used for "web-connect" downloads; for those, you must enter user-id/password for each fi.

I was about to say (basically) the same thing.

Thanks for saving me the typing!

Notan

Happy to help. :) Didn't mean to step on your toes.

Your post was shorter and probably a lot clearer than mine would have been.

Thanks for the toe concern!

Notan

John Pollard said

Any comments on the security of these saved passwords? The help menus states the "Pin Vault is designed for security", but not much about the type and level of security.

Some might consider ROT13 a form of security. ;-D

No, Quicken Pin Vault uses the much more secure EBG13 algorithm. The passwords need to be transmitted in the clear to the receiving institution, but hopefully that is over SSL. On your Computer the Pin Vault is stored in an undiclosed location within the .QEL file. The only known way to circumvent the Pin Vault is to delete it.

How secure would you like it to be?

Mike B said

The connection to the FI is in the clear? Huh? Logging on via a browser is HTTPS. Surely the connection via quicken is encrypted? This isn't SMTP for gods sake. Can you cite any info discussing this?

Sufficient, such that if someone hacks into my computer they can't snag all my passwords. Imagine the trouble that could be! For the time, being I'm using PASSWORDSAFE and cutting/pasting.

Thanks for the feedback, HS

An alternative is to skip the vault and to manually enter the PIN each time you want to download the transactions. Much safer than storing in a program and cutting/pasting each time.

Not so. Storing passwords in encrypted format is safer than retyping them over and over again with the possibility of someone looking over your shoulder. I believe the "Secure Password Authentication" protocol passes encrypted passwords rather than clear text and it does it over SSL links. The latter thwarts "wire tappers".

Bottom line: I trust the PIN Vault and One-Step Update.

Bad phrasing. What I meant to say is that your bank's side of the connection is not privy to the encryption algorithm used by Quicken for the Pin Vault. Hence the password is unencrypted and then sent over SSL (Secure Sockets Layer) - https:// protocols are but one implementation of SSL protocols.

Whoever steals your computer has so much data that your passwords that are encrypted somewhere in the depths of a Quicken file is the least of your worries. The password protecting your Quicken data file is easily cracked. Do a Google Search on the Internet. I'm also pretty sure you have (like all of us), a lot of other information on your computer in clear text (letters, lists of accounts, lists of site passwords, etc.) that would be a treasure trove for the snatcher.

Your best bet for security is to implement a power-on and disk password for your computer and then ensure you leave your computer switched off when you leave the house. These passwords are pretty secure and affords you very good data protection.

Mike B said

Gotcha.

All my personal info (acct #'s, PW'ds etc) is stored in PASSWORDSAFE. I suppose one could glean a bit of info from my mail files. Some emails may have account info. Not sure.

I wasn't aware Quicken files were so easily hacked. I'm very surprised Quicken didn't handle this better. This is there business for heavens sake. ;-D

Alas, security verses convenience.

All in all, if you want to remove Quicken from my toolbox you'll have to rip it from my cold dead hands. Gone are the days of checkbook balancing, writing checks, and stamping the mail. Click Click Click, bill paid, ledger updated, no hassle. ;-)

Take care, HS

Are you seriously suggesting that you invest money in PASSWORDSAFE, but you don't use the free power-on and disk passwords that provide extreme security in protecting your personal data from the gamut of threats - from casual snooping to determined theft of your computer to obtain the personal info? Not only that, but you will reward the thief in that he can take what he needs, and then sell your computer on as a fully-functional unit. At least with the passwords, it ain't worth its weight as a doorstop.

On my computer I have the two passwords set to the same value, so I need only type it in once, but it does mean the harddrive cannot be used on another computer.

Gotcha. ;-)

Be safe, be secure.

Mike B said

PASSWORDSAFE is free (not that money would enter into this decision). However, my goal really isn't to protect against PC theft. If someone gets into my house, and attempts to swipe my PC, the PC is just one many concerns. This is, of course, assuming he isn't stopped by the complementary hail of bullets that will undoubtedly be released. ;-)

Take care,

I always thought crossbows, aimed at key entry points, would be kinda cool!

Notan