Home Quicken for Windows Product Ideas - Quicken for Windows Product Enhancements (Windows)

Encrypt Quicken File

Craig VorwaldCraig Vorwald Member ✭✭
It is my understanding the actual Quicken file is NOT encrypted. If I am wrong, then disregard this request and advise.

I realize a password can be required to open a Quicken file, but that is not encryption. Attachments to accounts or transactions can be easily accessed without this password. Those more skilled than I would have a field day...

Ransomware schemes these days are getting worse, with the files being downloaded by the bad actor before invoking the ransom request. If the ransom is not paid (or hey, even if it IS paid), the intruder sells the files they have obtained. Without encryption, you and your family's future financial well being are potentially in jeopardy.

Thus this request. Time to make it harder for malicious actors to gain access to personal information stored in Quicken. I would actually pay MORE for a version of Quicken that supported this feature.

If people have come up with other ways to secure their Quicken files, I would like to hear it.

Thanks!
Quicken user since 1995...
3
3 votes

New · Last Updated

Comments

  • Chris_QPWChris_QPW Member ✭✭✭✭
    For what it is worth the attachments are encrypted.  There use to be an option to decide if one wanted them encrypted or not, but that was removed a few years ago and they are now always encrypted.
    (I'm using the latest Quicken subscription version)
  • Chris_QPWChris_QPW Member ✭✭✭✭
    P.S.  I should mention though, encrypting something isn't enough.  One has to ask were is the key, and how can it be accessed?

    If you open a QDF file with 7-Zip you will be able to get to the attachments, but like I said they are encrypted.

    But if I open that QDF file in Quicken (which may or may not have a file password on it) I now can open any attachment.  Clearly the encryption key is in the Quicken data file, ...
    (I'm using the latest Quicken subscription version)
  • Chris_QPWChris_QPW Member ✭✭✭✭
    One other note.  I think the main reason that "true encryption" isn't used for the data file is because to do so would mean that if the user loses their password there would be nothing Quicken Inc could do for the user to recover their data.  And that isn't a position they want to be in given how people feel about their financial data.
    (I'm using the latest Quicken subscription version)
  • Craig VorwaldCraig Vorwald Member ✭✭
    Thanks Chris. If just anyone can open the attachments (which they can using the process you described), then I really don't think that meets the definition of encryption for purposes of security. I can pick up that file, drop it on any other PC without Quicken software and open the attachments. As far as why there is no true encryption due to fear of password loss... the question becomes "lose your data, or lose all your money". Pick one. I chose data. At least I am in control in that situation, and I personally have it covered.

    Perhaps this encryption I have proposed can be optional... like the password to the Quicken file is optional.
    Quicken user since 1995...
  • Chris_QPWChris_QPW Member ✭✭✭✭
    I think you misunderstood what I said about the attachments, they are encrypted from "external access" (but the key to decrypt them is in the Quicken data file).  What I was getting at is given that you can get a Quicken data file open then you have access to descript/read them in Quicken.

    And given that the data file can either have no password or one that Quicken Inc can remove, that isn't "true encryption" that only you can control the access to.

    Note I'm pretty sure that the Quicken data file is "encrypted" or "scrambled" in some way.  You can't just binary edit it to see transactions for instance.  But with "true encryption" only you would have a key to unlock it, and besides that if you have ever used real encryption when you change the password it needs to encrypt the data again.  There is no such thing happening for when you add a password or remove it.

    Most people that are concerned with keep their data files in an encrypted folder.
    (I'm using the latest Quicken subscription version)
  • Craig VorwaldCraig Vorwald Member ✭✭
    Hi Chris. No I'm not confused. If you "Extract" just the attachment folder using 7-ZIP and move the attachment folder to a PC that does NOT have an image of Quicken or an actual Quicken file, you can still open the attachments. It is my opinion there is no "key" in the actual Quicken file and that the attachments are not encrypted in any fashion. Maybe we can get the Quicken software folks to chime in.

    Any suggestions on which software to use to setup an encrypted folder?
    Quicken user since 1995...
  • Chris_QPWChris_QPW Member ✭✭✭✭
    So I just tested again and:


    And after extracting this file from the QDF.

    (I'm using the latest Quicken subscription version)
  • Craig VorwaldCraig Vorwald Member ✭✭
    Hey Chris. OK, this is weird, because I am able to extract PDF files from the 7-ZIP ATTACH folder to a thumb drive and they are totally readable valid PDF's on a separate PC that does not have Quicken installed on it. Not sure how to explain at this point. Maybe it has something to do with the age of the files??
    Quicken user since 1995...
  • Chris_QPWChris_QPW Member ✭✭✭✭
    Maybe it has something to do with the age of the files??
    How new is the PDF attachment?

    One possible idea is that if it is really old it was attached unencrypted when that was an option.  And when they switched over to not giving a choice/forced encryption the old attachments weren't touched.

    I suppose it could also be a bug where your data file somehow got locked into "non encrypted".

    Try it in a new data file.
    (I'm using the latest Quicken subscription version)
  • Craig VorwaldCraig Vorwald Member ✭✭
    Bingo. Older attachments will open without difficulty outside of Quicken. Newer attachments (both jpg and pdf) will *not* open outside of Quicken (application states the file is "corrupt"). I don't have a clean way of determining the cutover date in my file, as the Attachment folder is over 1 TB is size, and 7-zip shows everything as having the same date.
    Thanks!
    Quicken user since 1995...
Sign In or Register to comment.