Quicken Community is moving to Single Sign On! Starting 1/22/21, you'll sign in to the community with your Quicken ID. For more information: http://bit.ly/CommunitySSO

Quicken password limits to 32 chars - TD Ameritrade password length allows 64 chars

why does quicken limit your passwords to 32 when td ameritrade limits them to 64? can they put in a patch to fix this please

Best Answer

Answers

  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    just to clarify - always good to include -
    What version ...   Help --> About Quicken
    EDIT - have updated the topic title to better reflect Q&A
    Quicken 2020 Deluxe - Subscription - Windows 10
  • Charla Kroll
    Charla Kroll Member ✭✭
    edited February 2020
    first time had problems with this: windows, quicken deluxe version r25.10 build 27.1.25.10 would love to use the 64 password. instead of the limit on 32 and reading from the boards the limit is 32. so the restriction is quicken based not Td Ameritrade.
  • splasher
    splasher SuperUser ✭✭✭✭
    I'm guessing that you use a password manager program to maintain your 64 character passwords.  Do you use a 64 character password to access the password manager or any other means by which you record and encrypt these passwords?  If you don't, then using 64 at TD Ameritrade is pointless.
    -splasher  using Q since 1996 -  Subscription  -  Win10
    -also older versions as needed for testing
    -Questions? Check out the  Quicken Windows FAQ list
  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    edited February 2020
    some folks have moved from the 8-char password - to the phrase password -
    "MyDogHasFleas$2020" -- that's less than 32 :smile:   can't imagine 64 chars

    Quicken 2020 Deluxe - Subscription - Windows 10
  • Charla Kroll
    Charla Kroll Member ✭✭
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
  • splasher
    splasher SuperUser ✭✭✭✭
    Not smug, just realistic.  If you do not do everything at 64 characters, then doing one at 64 and the rest at 32 or some lower number, they just have to crack the 32 and get the 64 for free.  I'll be willing to bet the reason you got hacked was not the length/complexity of your passwords but for some far simpler reason.
    -splasher  using Q since 1996 -  Subscription  -  Win10
    -also older versions as needed for testing
    -Questions? Check out the  Quicken Windows FAQ list
  • NotACPA
    NotACPA SuperUser, Windows Beta Beta
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
    Every bank/card/brokerage that Q has contracts with to provide downloads would ALSO have to implement this ... to maintain the standard of uniformity.
    AIN'T GONNA HAPPEN!

    Q user since DOS version 5
    Now running Quicken Windows Subscription,  Home & Business
    Retired "Certified Information Systems Auditor" & Bank Audit VP
  • JustMeHere
    JustMeHere Member ✭✭✭✭
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
    There is never going to be change unless the OFX standard is updated, and they aren't about to do it.  And as such Quicken isn't about to do it because they can't send your password to the financial institution.

    And as for "hacking", yes it happens, but not by "guessing the password", which is the only reason for thinking that going from 32 characters to 64 will help.

    One form of "hacking" is the "virus".  Once there is a program on your machine that can monitor what you do, no password is ever going to be safe because they can record what you put in.

    Another form of "hacking" is when the web site uses "security questions" and the user doesn't realize that they are even more likely to be guessed because the user actually "answers the question" instead of using a random character sequence that might used for their password.

    Another form of "hacking" and the most common BTW is hacking the website.  There they are attacking the software being run, not your password.  And note that they might hack say a "game site" when they aren't encrypting passwords, and if the users use the same password everywhere then they might find the users financial institution and try those passwords there.

    Here is a website that allows you to put in a password and see how fast it can be guessed "brute force" (no dictionary attack, which would apply for a password like:  G$M4&xp3ofpJnnu$Vjha)

    https://www.betterbuys.com/estimating-password-cracking-times/ 

    The above 20 character password takes "infinity" in "2020" guessing a 
    17,042,497.3kps  (kps keys/password per second.)

    I have seen other sites that have it a billions of guesses per second and a 25 character password would take in the trillions of years.

    Will Quantum computers change this?
    Maybe, but if they do, most likely 64 or a 164 character are going to matter.
    Using Quicken Subscription Premier (and have a copy of Starter to test things on)
This discussion has been closed.