Home Quicken on the Web Using Quicken on the Web
Quicken Community is moving to Single Sign On! Starting 1/22/21, you'll sign in to the community with your Quicken ID. For more information: http://bit.ly/CommunitySSO

No Two-Factor/MFA Authentication for Initial Logins from Mobile/Web

Quicken on the Web is absolutely gorgeous, but it has a fatal security flaw in my opinion. There does not appear to be a properly implemented Multi-Factor Authentication scheme for new logins regardless of source (ip, device, etc).

From what I was told by support, once I authenticate on my Desktop app my ID has been "Authenticated" from an MFA perspective. That means if your password has been compromised the attackers would have easy access viewing your data and leveraging that information into other types of attack vectors across various financial institutions, etc. All of this can occur without the need of physical access to one of your "trusted" devices.

Even at it's lowest level, basic two-factor is a minimum. There are other additional requirements that should be passed as well. Seeing that simple two-factor authentication is absent from this product leads me to question what secondary methods you are blindly allowing in addition.

Just disabled the whole "mobile/web" syncing because of this pretty massive oversight.

I'll still continue to use Desktop Quicken, been loyal to them for what seems like 20+ years. Maybe one day this will get sorted out.
This discussion has been closed.