Do not apply password rules to financial institution passwords

dgm
dgm Member ✭✭
When it asks for a financial institution password in order to download something Quicken seems to apply its own rules to the password entered. It should not do this (in my example Quicken required a digit in a password and my financial institution did not). If it must apply its own rules Quicken should *always* apply them whenever a financial institution password is entered and when a password violates Quicken's rules it should say so, not that it violates the financial institution rules (which is what it says now, when trying to enter such a password into the Quicken vault). Whatever rules Quicken DOES apply should be documented.
4
4 votes

New · Last Updated

Comments

  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    edited September 2020
    My understanding is Quicken is not applying it's own rules to financial institution passwords.  If there are rules applied, they were provided by the financial institution.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Now that I have read this suggestion instead of just what I said in the thread that lead up to this, I think this suggestion is worded improperly to get the proper change implemented in Quicken.

    Quicken is passed rules from the financial institution on what should be in the the password, and at times it is clear that this doesn't line up with what is really accepted at the financial institution. Why this is true is a bit of a mystery, but it shouldn't matter.

    Quicken shouldn't be applying these rules in the first place.  If Quicken would just accept whatever the user put in for the password, it would get rejected by the financial institution when the update is sent, with and error that the password is wrong.

    This is a better error flow than trying to keep up with rules that are obviously wrong for one reason or another.

    So in a nutshell the suggestion should be not to apply the rules on password sent by the financial institution/Inuit.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • dgm
    dgm Member ✭✭
    I agree, I didn't realize the rules were supposed to come from the financial institution, but in general my point is it does more harm than good to apply them.
  • dgm
    dgm Member ✭✭
    With that in mind, I'd change the suggestion to "Do not apply password rules to financial institution passwords".
  • Jim_Harman
    Jim_Harman SuperUser ✭✭✭✭✭
    edited September 2020
    OK, I edited the title. 

    It would be good to understand why Quicken chose to check the passwords in the first place. Perhaps the idea is to reduce the likelihood of account lockouts due to repeated attempts to use invalid passwords.

    Even if they don't make this change, Quicken should at least clarify the error messaging and try to get the FIs to make the rules they provide to Quicken match those they actually apply.

    It is often a guessing game for users to come up with a password that is acceptable to both Quicken and the FI.
    QWin Premier subscription
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    OK, I edited the title. 

    It would be good to understand why Quicken chose to check the passwords in the first place. Perhaps the idea is to reduce the likelihood of account lockouts due to repeated attempts to use invalid passwords.

    I would like to point out that applying the financial institution passwords doesn't prevent lockouts due to using invalid passwords.

    Say I have a password, Ac5D4g!l that conforms to the financial institution's rules for passwords.  But in reality the password is Ac5D4g!!.  The rules aren't going to prevent me from putting in the wrong password.  It will still be up to when it is actually sent to the financial institution which would be when the account is setup or updated.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/