Dropbox / Google Drive = same as encrypted volume (i.e. TrueCrypt/VeraCrypt)

I've always kept my Quicken data on an encrypted/mounted volume. Understanding that if that software layer ever hiccuped or went bad, that data was at risk - hence backups. Knowing full well though that it's more reliable than any cloud service simply because there's less "stuff" for my data to travel through on its journey to the storage medium. Though I presume those providers services have measures in place to retain data integrity in the event the connection gets bumpy.

I wonder if Quicken has changed things under the hood regarding disk I/O or if they are just doing this as a precaution because they end up seeing allot of problems with data files stored in cloud services?

Comments

  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Nothing has changed "under the hood", they are simply trying to get the message out to people that they do not recommend storing your active data file on a remote drive or in a "cloud service folder" because Quicken has no system for error correcting if the network should ever "hiccup" and even though Quicken locks its data file, it releases that lock from time to time and if the cloud service jumps in and changes it that can cause hiccups in Quicken being able to read/write it properly.

    The recommended way to do it is to store manual backups (or a copy) in the "cloud folder" not the one that Quicken opens.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    P.S. note that this check really only check to see if the folder is on a "network drive". The check won't really even detect if the active data file is in a cloud folder, which is in fact a local folder.  That check is for a folder mounted on a given drive letter or using a UNC path like \\machine\share\.... If in fact the "machine" is the local drive then the test gives a warning believing it is remote.

    To summarize the recommendation of not storing the active data file on a remote machine is because they can't know if your network is going to be 100% reliable, and Quicken will not compensate for it not being 100%.

    The recommendation of not having the active data file on a cloud account is because of the possibility that the cloud service might either sync the data file at the wrong time or interfere with Quicken reading/writing the data file.  The same can be said for some backup programs.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • Fletch100
    Fletch100 Member ✭✭
    Ok, that's what I thought and it's understandable why they'd do that since I'm sure there are a few that don't understand in full the mechanics of a "Cloud drive" and the potential risks of using them as a normal drive. I also doubt it's easy to programmatically distinguish a Cloud drive from any other "mounted" device.
  • So this raises a question in my mind, to which I can't find the answer here on the forums. I've read the blurb about Quicken online transactions being secure and encrypted. However, I've not seen anything, other than use of a file password, that indicates the Quicken file itself is encrypted. I shudder to think what would happen if someone nefarious got ahold of my Quicken file and was able to utilize. Is the file encrypted, or not?
    Quicken user since 1995...
  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    So this raises a question in my mind, to which I can't find the answer here on the forums. I've read the blurb about Quicken online transactions being secure and encrypted. However, I've not seen anything, other than use of a file password, that indicates the Quicken file itself is encrypted. I shudder to think what would happen if someone nefarious got ahold of my Quicken file and was able to utilize. Is the file encrypted, or not?
    The Quicken file is not encrypted.  The file password is used limit access by the Quicken application.  The Password Vault in the Quicken file is encrypted.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Getting an exact answer to that question is impossible, Quicken Inc is just not going to say exactly what is being done to protect the file.  

    They have “suggested” that it is encrypted, but if it is, it certainly isn’t an encryption method like Truecrypt would use.  For one thing because users forget their passwords and expect Quicken Inc to unlock it for them at best there is a secondary master password.  But even beyond that you can set or remove a password in a blink of an eye, which means that password isn’t really the key to decrypt.  More likely just a password to get Quicken to open the file.  That isn’t to say that the data can’t be encrypted or at least “scrambled”, just that the password isn’t the key to it.

    But to me the real security comes in with the password vault.  That one they have stated is using encryption, and they can’t bypass.  If you forget your password, you have to delete the password vault, and re-enter your passwords.

    I would say the password on the data file is “pretty good” and should keep all but professional hackers out, but it isn’t “full encryption”, but main concern to me would be to keep them out of my accounts long enough till I can get the passwords changed, and that depends more on the password vault.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Note given Quicken Inc has never confirmed that the data file is encrypted, most likely it isn’t.  At best “scrambled”. (They do that with some of the log files), but even more likely the database is just “hard to read” because it is just so old of a database.  I know that you can’t just dump it and look for clear text.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
This discussion has been closed.