Quicken 11 Password ?

Anyone who "broke" into your data would probably die of boredom. Get over yourself! There's nothing special about YOUR data, except to you, unless you are trying to hide assets from others, e.g. ex-spouse, creditors, etc..

I would call this a failure of imagination.

I caught a glimpse of Jess on Sun, 29 Jul 2012

09:04:51 -0500, writing in alt.comp.software.financial.quicken:

The only suggestion I could make is to always use a secure password when you boot up your computer.

The nature of my work makes me aware of the financial records of hundreds of people--believe me...it is BORING poring over dozens of credit card statements, bank statements, etc..

This topic I believe has been discussed ad nauseum in this NG over the years. One suggestion is that if you really care about security of your Q file because of this, then locally encrypt your file (or the entire local drive) with something like PGP (in addition to the power on password that Erik suggested).

"Jess" wrote

I don't hang out on Intuits website very often if at all, but today I went to their website just because. I looked at the password area and find they have a program to undo/recover someone's password incase the customer has forgot their password. I find this very disturbing that any Tom, Dick and Harry can download this program then get into my Quicken program data where I thought my financial information was fairly safe in case someone broke into my home and stole my computer. WOW! Does anyone have some light they can shed on this ?

-----------------------------------------

It appears that you didn't read the faq very carefully, and that you also jumped to a conclusion for which there was no evidence.

First of all, the "program" you have access to does not remove the password. At the end of the process, you have to send the file to Intuit, who removes the password.

Secondly, you can't get the file back with the password removed until you prove to Intuit that it is your file. To confirm the details, you might have to initiate the process yourself; but I believe it involves you telling Intuit something about the contents of the file that only someone who already knew its contents could provide.

Don't count on Intuit using due diligence on making folks prove it is their file.

I called recently to get quickbooks file open because I did not have the current password for one of my client's file. Client was not available at the time so I just called Intuit. All I needed to say to them was the client can't remember the password. They happily remoted into my computer and removed the password for me.

Yeah, maybe boring for you.

But you are not looking for account numbers to exploit, identities to steal, etc.

Get over yourself.

I keep my quicken file on a encrypted drive.

I use the free encryption software TrueCrypt

"Laura" wrote

Don't count on Intuit using due diligence on making folks prove it is their file.

I called recently to get quickbooks file open because I did not have the current password for one of my client's file. Client was not available at the time so I just called Intuit. All I needed to say to them was the client can't remember the password. They happily remoted into my computer and removed the password for me.

-----------------------------------------------------------

I posted a summary of this where the Quicken Intuit folks could see it, and got this response from Intuit.

"I believe that poster was confused about at least one thing. QuickBooks has even stronger password restrictions than Quicken, and it's physically impossible to remove the file password via remote session without using the password removal tool that requires an accurate response to the security question from the party trying to remove the password.

What can be cleared, without the password removal tool, is the transaction password - 'require a password to make changes to transactions'. So long as the QuickBooks user logged in is the file Admin, they have the ability to remove the txn password without entering the old one first".

In the case that I mentioned I did not have the answer to the security question and support DID remote in and removed that password for me so I don't know what that person is talking about. Maybe the fact that I am an Intuit ProAdvisor dealing with a different support team than the average user made the difference.

Transaction Password?? That person is full of sh*t! There is no such thing as a Transaction Password in QuickBooks. There is a "Closing" password where you can set a closing date that is password protected to prevent you from making changes in a "closed" period. But that "closing" password is useless if you can't open the file because you don't have the login password. He/she is probably talking about the same thing but it not called a Transaction password.

Laura - Advanced Certified QuickBooks ProAdvisor

"Laura" In the case that I mentioned I did not have the answer to the security question and support DID remote in and removed that password for me so I don't know what that person is talking about. Maybe the fact that I am an Intuit ProAdvisor dealing with a different support team than the average user made the difference.

--------------------------------------------------

It seems you're getting upset and moving away from the point of this discussion and my comments in it.

The question, again, is whether the existance of the Quicken Password Removal Tool presents a meaningful security risk to Quicken users.

Of course it matters that you have a special relationship with Intuit; information that you left out of your original comment questioning whether users could rely on Intuit to do their part to protect user's data.

If a Quickbooks user has their computer stolen by a Quickbooks Pro Advisor, then perhaps that data could be compromised ... though not by shoddy security policies on Intuit's part.

And even then, the folks at Intuit who support Pro Advisors and the person who wrote the Quickbooks Password Removal Tool assure that the password can only be removed by supplying some identifying info ... there is no password cracking tool or any other backdoor way of removing the password.

A Pro Advisor might have some information that a typical thief would not have, and that information might be given to someone at Intuit who then could apply the Tool and remove the password. I believe the term "challenge question" may be involved. I didn't attempt to dig any deeper since this discussion is about Quicken, not Quickbooks. See following.

Getting back to Quicken: There is no such Quicken equivalent to the Pro Advisor role for Quickbooks, and there is no other way for a Quicken file password to be removed than by using the Password Removal Tool ... a piece of software that will not remove the password unless it is given the correct answer(s) to information about the contents of the file. It doesn't matter whether an Intuit employee is utilizing the tool or whether a Quicken user is utilizing the tool: correct answers are required.

The bottom line (which I hope will also clear up any misunderstanding I may have introduced with my initial post in this discussion): there is no way to remove the file password from Quicken without supplying proper identifying information to the software that removes the password.

So I'm sticking with my original thought: the Quicken Password Removal Tool does not represent a serious security problem for Quicken user's data.

There is no such thing as a Transaction Password in QuickBooks. There is a "Closing" password where you can set a closing date that is password protected to prevent you from making changes in a "closed" period. But that "closing" password is useless if you can't open the file because you don't have the login password. He/she is probably talking about the same thing but it not called a Transaction password.

-------------------------------------------------

It's called a transaction password at Intuit (they may also use the term "closing password, I don't know), and it's essentially the same as the transaction password in Quicken. As you say, it restricts access to

*transactions* that occurred before a certain date, so calling it a "transaction password" not only makes sense in a general way, it also points to the similarity with the Quicken "transaction password", making it a bit easier for non-Quickbook users to grasp the significance.

No one said the "closing password" was useful to someone trying to break into a Quickbooks file; just that there are different rules for removing a "closing password" than there are for removing a file password.

My contact on this matter is a smart, well informed, 14 year Intuit employee, who used to work on the Quickbooks side and now is on the Quicken side.

She works right next to the Quickbooks "Accountants team" that supports ProAdvisors such as yourself, and she has consulted with them about this.

If something has gotten lost in the translation by the middle-man (me), I apologize, but I don't think that has happened.