Passwords for Scheduled Updates

QW H&B 2016 under Windows 10:

When I set up Scheduled Updates, I am asked for a Password Vault password each time I start Windows but NOT for a file password.  Doesn't this make Scheduled Updates next to useless?

See also https://getsatisfaction.com/quickencommunity/topics/file-password-required-for-schedule-update-q2016

Comments

  • PerryPerry Member
    edited December 2018
    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    Agreed!  But if both are required for Scheduled Updates, then it should ask for both in advance, not just one of them!
  • NotACPANotACPA SuperUser ✭✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    The use of the File Password precluded the unattended operation of Scheduled Updates.

    You can have one of these, or the other, but not both.

    That's just the way that it works.
    Q user since DOS version 5
    Now running Quicken Windows Subscription,  Home & Business
    Retired "Certified Information Systems Auditor" & Bank Audit VP
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited September 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    ( Rant Redacted )If they have the ability to ask for and store one password, storing both passwords should be just as easy.

    Are they really suggesting that you should leave your Quicken data file unprotected?
  • splashersplasher SuperUser ✭✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    File Passwords in Quicken are like the locks on your front door, they only keep out honest people.  There is no real security in them, with some old FI statements, the password can be removed by the user and Quicken can remove them at any time, but for them to do it, you have to provide them with info from inside the file (generally only known to the owner).  I prefer to protect my Quicken data by storing it on an encrypted storage device.
    -splasher  using Q since 1996 -  QW 2015, 2016, 2017 & Subscription  -  Win10
    -Questions? Check out the  Quicken Windows FAQ list

  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    So how would you suggest that Scheduled Updates (see Tools / Schedule Updates...) work in Quicken?  Continue to ask for one password but not the other?  That makes it pretty useless, doesn't it?
  • splashersplasher SuperUser ✭✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    I thought I was pretty clear in that I thought the file password was worthless.
    -splasher  using Q since 1996 -  QW 2015, 2016, 2017 & Subscription  -  Win10
    -Questions? Check out the  Quicken Windows FAQ list

  • NotACPANotACPA SuperUser ✭✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    That's pretty stupid!  If they have the ability to ask for and store one
    password, storing both passwords should be just as easy.
    What conceivable purpose is there in storing the File Password ... since you must input it manually in  order to open that Q data file? 

    Plus, as stated by splasher, the File Password is next to useless.
    Q user since DOS version 5
    Now running Quicken Windows Subscription,  Home & Business
    Retired "Certified Information Systems Auditor" & Bank Audit VP
  • QPWQPW Member ✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    Well I disagree with these statements, and agree with Rick that it makes it pretty useless.

    First off if they are going to put in a feature it should be supported.
    They put in the scheduled downloading of transactions, and they put in the file password.  They should be supported together.

    Also the file password is far from useless.
    OK, clearly there are "back doors" into it, but it has been stated that in recent years the data file is encrypted.

    Now the fact that there is a way for Quicken Inc to remove the password does "weaken" the security, but as long as their key/method to get into the file isn't found, it is still secure.  Encryption can have multiple keys, and therefore allow for "recovery".  And it can be done in a way that people might not suspect.

    But this security isn't "worthless".
    Frankly if your purpose is to keep "prying eyes" from others in your household or work from looking at it, even a simple scramble is plenty good enough.  If you think professional hackers are going to attack your data file, well... maybe you should be that paranoid.

    I think one misconception is that the file password has to be used in the encryption.  From what I can tell Quicken data files are always encrypted (at least for Windows, not Mac).  Quicken just knows how to do the decryption, and decides to do it (or not) based on the file password (if one is used).

    On the other hand I have a real hate for the scheduled update function because I think it is the root cause of a lot of Quicken problems.

    Quicken functions as if it is two different programs since they changed over from .Net 3.5 to .Net 4.x, and I'm not sure what "triggered" that, but Quicken has been written as a "shell" and the "insides" for a very long time.  And the main reason I think they would do that is because they needed to "swap out" the GUI when running scheduled updates.  They needed all the "guts" of Quicken, but not to show the GUI.  Even though this worked for many years, the fact that it broke with .Net 4.x tends to make me believe it was poorly executed.
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    Am I supposed to get up early in the morning just to type my file password when the scheduled update runs?
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    If quicken KNOWS how to decrypt the file without a file password (which I believe it does), then why can't scheduled updates work without one?  Then it might make sense to ask for only the password vault password!
  • NotACPANotACPA SuperUser ✭✭✭✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    Yep.
    OR, run OSU later in the day, when you're already out of bed.
    OR, quit using File Password.
    Q user since DOS version 5
    Now running Quicken Windows Subscription,  Home & Business
    Retired "Certified Information Systems Auditor" & Bank Audit VP
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    Even if they can be bypassed (as can my front door lock), file passwords can useful for keeping out casual prying eyes.
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Perry said:

    IMHO the Quicken login password opens your file.  The password vault contains a mechanism for storing and accessing the various financial institutions user id's and passwords.  

    If I'm going to run OSU later in the day, then what good are scheduled updates?  If implemented, at least implement them right!
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited October 2018
    Maybe a Quicken Official Rep could explain the apparent inconsistency and what they were thinking when they implemented Scheduled Updates that would not work with File Passwords?  Pretty, Pretty, Please?
  • QPWQPW Member ✭✭✭✭
    edited August 2018

    Maybe a Quicken Official Rep could explain the apparent inconsistency and what they were thinking when they implemented Scheduled Updates that would not work with File Passwords?  Pretty, Pretty, Please?

    Explain what?

    It has been this way since day one.  In their book it is "implemented as designed".  As such there is no bug, and you are requesting a "new feature".  And it is impossible to state the reasoning because that decision was probably made 20 or 30 years ago.
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018

    Maybe a Quicken Official Rep could explain the apparent inconsistency and what they were thinking when they implemented Scheduled Updates that would not work with File Passwords?  Pretty, Pretty, Please?

    How do you know that in their book it is "implemented as designed"?  Did they post that somewhere?  Did they tell you?  Or are you just guessing because they haven't fixed it?
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018

    Maybe a Quicken Official Rep could explain the apparent inconsistency and what they were thinking when they implemented Scheduled Updates that would not work with File Passwords?  Pretty, Pretty, Please?

    Speaking of history, do I correctly recall that Scheduled Updates were implemented much less than 20-30 years ago?  I vaguely recall it was about the time that they removed the ability for OSU to run in the Background while one was using Quicken...
  • QPWQPW Member ✭✭✭✭
    edited August 2018

    Maybe a Quicken Official Rep could explain the apparent inconsistency and what they were thinking when they implemented Scheduled Updates that would not work with File Passwords?  Pretty, Pretty, Please?

    Yes I'm guessing because that is the standard answer given.  And it is in fact the correct one.  To users anything they don't like is a bug.  To a developer anything that doesn't work to the design is a bug, and any thing else is a feature.  It doesn't matter if the design sinks or not.

    I'm pretty sure scheduled transaction downloading is quite old.  How old?  I don't know for sure because I was never interested in it.
    (Out of curiosity I installed Quicken 6 (as in 1996) on a Windows XP VM and it wasn't there, but when I installed Quicken 2004, it was there).

    But the ability to run One Step Update in the background doesn't line up with it.  It is in fact a completely different "problem".

    There were a few years they allowed you to do other work while One Step Update was running, but they got rid of it because it was causing problems.

    If you watch One Step Update while it running you will quickly notice that it is updating kinds of things "interactively", not in any kind of "background mode".

    So it is like having two people trying to type on values into the same register at the same time.  What's more you making request for reports and such is hitting up the database and other parts of Quicken when they and not having any of that be "out of sync".  Get it "out of sync" and you get a crash.  They have a hard enough time just getting One Step Update to do its thing without crashing.

    In both the scheduled downloading and when you do it from the standard GUI (One Step Update or Update Now) they block you.  And you can't run a scheduled downloading at the same time as "standard" Quicken is running.  They have never mastered/programmed Quicken to be "multiple users/tasking" (with the exception of what they do in parallel in One Step Update and in searches, find and replace, ...

    BTW I was curious about the "decrypting" and sure enough you can use the "forgot password" routines completely offline.  What's more the questions they ask to verify you are the owner come directly from your data file.  Which of course it couldn't do if it didn't already have the data decrypted.  Note the questions can usually only be answered if you have access to the data file (open and running) since they partly pull from long close accounts.
  • mshigginsmshiggins SuperUser ✭✭✭✭✭
    edited October 2018
    From C. D. Bales:



    Quicken won't run a scheduled update for a file that has a file password.



    See the "Notes" at the end of this kb article:


    https://www.quicken.com/support/how-s...
    Quicken user since Q1999. Currently using QW2017.
    Questions? Check out the  Quicken Windows FAQ list
  • QPWQPW Member ✭✭✭✭
    edited August 2018
    mshiggins said:

    From C. D. Bales:



    Quicken won't run a scheduled update for a file that has a file password.



    See the "Notes" at the end of this kb article:


    https://www.quicken.com/support/how-s...

    Yes, I think everyone here gets that.  But the real question is why not?

    Other than "because they didn't design it that way" kind of answer there isn't really a good reason it is that way.

    They are currently storing the Password Vault password, which I think most people would agree is even more "sensitive" than the password for a data file.  So why not allow for the user to also enter the file password when logging in?

    There has never been any kind of answer to that question over the years other than "it is design that way".  And I don't expect there will be, because I think the real answer is that they don't feel that it is high enough of a priority to put it in.
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    mshiggins said:

    From C. D. Bales:



    Quicken won't run a scheduled update for a file that has a file password.



    See the "Notes" at the end of this kb article:


    https://www.quicken.com/support/how-s...

    That Note you refer to is pretty well hidden.  Nevertheless, I guess that makes this issue fit the classic programming definition if a "feature": a bug that has been documented.  Sigh.
  • mshigginsmshiggins SuperUser ✭✭✭✭✭
    edited August 2018
    mshiggins said:

    From C. D. Bales:



    Quicken won't run a scheduled update for a file that has a file password.



    See the "Notes" at the end of this kb article:


    https://www.quicken.com/support/how-s...

    From C. D. Bales:


    "Yes, I think everyone here gets that."


    At the time I composed my response (several hours before your first post here), no one here indicated that they got that.


    "But the real question is why not?"


    Those are questions which other users generally can not answer meaningfully; at the end of the day, I find the guesses less than satisfying. And too often the guesses lead other users to attack the guesses as if they were facts, and to waste time proposing nonsensical guesses about the guesses.


    I don't think many users accept that lack of economic feasibility is a legitimate reason for not providing a feature they desire; they prefer to consider anything that does not work as they want, to be a bug.
    Quicken user since Q1999. Currently using QW2017.
    Questions? Check out the  Quicken Windows FAQ list
  • Rick GumpertzRick Gumpertz Member ✭✭
    edited August 2018
    Maybe the BUG is not that it doesn't ask for a password in advance but rather that it does fail to run without a password when a Scheduled Update is run.  If Quicken can access a file without the file password, which I believe it can, there there is probably no harm in a background task doing so without a file password.  In that case asking for just the Password Vault Password would make sense.

    In any case, it should be fixed in one way or the other:
        - ask for and save the both passwords at login
    or
        - ask for just the password vault password at login and bypass the file password when actually running a file update.
This discussion has been closed.