Quicken Community is moving to Single Sign On! Starting 1/22/21, you'll sign in to the community with your Quicken ID. For more information: http://bit.ly/CommunitySSO

Can anyone confirm, E*Trade's Two-Factor Security Prevents Quicken Downloads?

I have Quicken Premier 2020, version R30.14

I know that Quicken has some ability to handle two-factor log in at some financial institutions.

However, I have never been able to get Quicken to download from E*Trade with the two-factor security turned on.

Can anyone confirm one way or the other the accuracy of this statement: E*Trade's two-factor security prevents Quicken from downloading data. Is that true?

Answers

  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    Hi @James J

    I am not sure if this is absolute confirmation (because theoretically there may be a way that I am unaware of, or I may be missing something) but I have not been able to connect and/or download with their 2FA enabled.

    Frankx


    Quicken H&B-Subscription - Ver. R29.20 - Build 27.1.29.20  - Windows 10 Home - Ver. 2004
                                             - - - - Quicken User since 1984 - - - 
      -  If you find this reply helpful, please click "Helpful" (below), so others will know! Thank you.  -
  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    I am able to use the Direct Connect and the Web Connect connection methods to download and import transactions from E*Trade with E*Trade's two-factor security enabled.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    The answer is different depending on if you are talking about the brokerage accounts or the regular banking accounts.  Two factor authentication doesn't affect Direct Connect which is used for all investment account because it has its own security model.  But ETrade Bank doesn't support Direct Connect and as such it is Express Web Connect only, and it definitely can have such problems.  Many years ago I had accounts with ETrade and turning on two factor authentication would certainly block Quicken.

    In recent years Quicken has been made to work with some of the financial institutions using multiple factor authentication, but if that was the case for ETrade you would probably already know it because Quicken would somehow prompt you for it.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • James J
    James J Member ✭✭
    Thanks for the replies.

    While trying to get the two factor security to work with quicken, I did notice that the brokerage account and bank account use different methods to connect Quicken to Etrade. So it’s kind of weird that Quicken uses two different protocols (?) to access my Etrade data, yet when I myself log on to Etrade, there is only a single login.

    I have two factor security at two other financial institutions setup to work with Quicken. Those institutions use the Express Web Connect protocol (I’ll double check that statement tomorrow).

    But with Etrade, neither the brokerage account nor our multiple bank accounts would update after turning on the two factor security.
  • James J
    James J Member ✭✭
    edited December 2020
    > @Sherlock said:
    > I am able to use the Direct Connect and the Web Connect connection methods to download and import transactions from E*Trade with E*Trade's two-factor security enabled.

    @Sherlock Could you confirm that you are able to use Quicken’s Express Web Connect to allow data to download from an Etrade Bank, not brokerage, account to your quicken account?

    If it does work, are you using the VIP Access app or the token? Can’t imagine it makes a difference though.

    Can you explain at what point does Quicken allow you to append the 6 digit code to your Etrade password? And how often does Quicken require this?

    Thanks!
  • Tom Young
    Tom Young SuperUser ✭✭✭✭✭
    edited December 2020
    @James J said "So it’s kind of weird that Quicken uses two different protocols (?) to access my Etrade data"
    I believe the more accurate statement is "it's kind of weird that Etrade supports Direct Connect for investment accounts but not bank accounts."
     Financial institutions have to sign up for and pay for the Direct Connect method of connecting to Quicken.
  • James J
    James J Member ✭✭
    > @Tom Young said:
    > @James J said "So it’s kind of weird that Quicken uses two different protocols (?) to access my Etrade data"I believe the more accurate statement is "it's kind of weird that Etrade supports Direct Connect for investment accounts but not bank accounts." Financial institutions have to sign up for and pay for the Direct Connect method of connecting to Quicken.

    Ha. Yeah you're right. I wonder if E*Trade needs to pay something to Quicken in order for Etrade's two factor login to work with Quicken's Express Web Connect.
  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    James J said:
    > @Sherlock said:
    > I am able to use the Direct Connect and the Web Connect connection methods to download and import transactions from E*Trade with E*Trade's two-factor security enabled.

    @Sherlock Could you confirm that you are able to use Quicken’s Express Web Connect to allow data to download from an Etrade Bank, not brokerage, account to your quicken account?

    If it does work, are you using the VIP Access app or the token? Can’t imagine it makes a difference though.

    Can you explain at what point does Quicken allow you to append the 6 digit code to your Etrade password? And how often does Quicken require this?

    Thanks!
    We use the Web Connect connection method with E*Trade Bank.  We do not use the Express Web Connect connection method.  We're using the Digital Security ID token.  We sign-in with a browser using a password manager, enter the token, and download and import the available transactions for each account.

    We use the Direct Connect and the Web Connect connection methods with Quicken E*TRADE.  

    As I recall, E*Trade Bank was a late arrival and the E*Trade web site was used to provide a portal to the bank's website.   
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Investment accounts are only supported using direct connect and that requires a special OFX server for Quicken to connect to and get the information. And of course that server has to be tied in to the back end where the transactions are whether that be the broker or the bank. So even without considering that Intuit might charge for support for direct connect which I know they did in the past but I have no idea about it now.  There are certainly costs and training that kind of stuff involved.

    Whereas what Express web connect is Intuit servers trying to log in as you to the website which of course the bank already has and therefore means that they have what should be less cost.

    And it's this very fact that they're trying to log in to unstandardized websites with some agreement on how to do it that causes all the complications.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • James J
    James J Member ✭✭
    They probably need that special server because the investment accounts hold a lot more data than simple checking accounts?
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    James J said:
    They probably need that special server because the investment accounts hold a lot more data than simple checking accounts?
    No I don't think so, more likely they are completely different systems.
    They have the "banking branch" of the business and the "brokerage branch".
    So the complexity isn't in the OFX server itself, but in the connection to the "back end" financial servers.

    BTW cost certainly does play into this.  The services like brokerages and credit cards are much more likely to support Direct Connect, and you will notice they are the ones that get a much higher return on people's money than the checking and savings accounts.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • James J
    James J Member ✭✭
    > @Sherlock said:
    > We use the Web Connect connection method with E*Trade Bank.  We do not use the Express Web Connect connection method.  We're using the Digital Security ID token.  We sign-in with a browser using a password manager, enter the token, and download and import the available transactions for each account.
    >
    > We use the Direct Connect and the Web Connect connection methods with Quicken E*TRADE.  
    >
    > As I recall, E*Trade Bank was a late arrival and the E*Trade web site was used to provide a portal to the bank's website.   

    Hmm, we have three checking and two brokerage accounts with ETrade. Using the One-step update has been awesome. Manually downloading the files from the bank and then importing to Quicken is a hassle. . . .

    I should double check that Etrade is bonded/insured against theft . . . . :neutral:
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    edited December 2020
    Hi again @James J

    It's not the "amount of data" although I agree that investment account downloads involve more data than typical bank accounts, and you may not know that many banks - and certainly all the large banks - have the "direct connect" connection to Quicken available, many at no cost to their account holders.  It is actually the additional security and reliability that comes with a "direct connect" connection that is important.  And for users, that results in not only a better connection in quality as well as timeliness of data, but also the avoidance of the data errors and lack of quality that comes from an application/connection that literally "scrapes" data from a website screen designed for users to view their accounts and sends it to you for upload.

    Frankx


    Quicken H&B-Subscription - Ver. R29.20 - Build 27.1.29.20  - Windows 10 Home - Ver. 2004
                                             - - - - Quicken User since 1984 - - - 
      -  If you find this reply helpful, please click "Helpful" (below), so others will know! Thank you.  -
  • James J
    James J Member ✭✭
    Wait a sec, I think "Direct Connect" is the old way of connecting.

    "Express Web Connect" is the newer way.

    Express Web Connect absolutely works with two-factor logins for some institutions. Is it not, therefore, more secure than Direct Connect? No?

    Also, I use Express Web Connect with credit card accounts as well as with bank accounts.

    All my brokerage accounts use Direct Connect.

    Two of my credit cards use Web Connect, what is that?
  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    Direct Connect is the most reliable and safest way to connect because it is indeed your computer connecting "directly" with your bank's server in real time.  Express web connect is a process where Quicken's (actually Intuit's) servers automatically log in to your FI website and "screen scrape" data once a day (usually overnight).  Web connect is a process you perform as follows:  1) you must log in to your FI's website and download a file; and 2) you import that file into the Quicken application,

    Frankx


    Quicken H&B-Subscription - Ver. R29.20 - Build 27.1.29.20  - Windows 10 Home - Ver. 2004
                                             - - - - Quicken User since 1984 - - - 
      -  If you find this reply helpful, please click "Helpful" (below), so others will know! Thank you.  -
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    I would hardly call Express Web Connect "more secure" or "the newer way".

    Yes Express Web Connect is "newer" in the sense that Direct Connect was implemented a few years before Express Web Connect, but that is about it.  They are both "old".  Well sort of.

    Direct Connect is the OFX standard, which is first standardized in about 1997, but it has also had revisions to that standard.  Here is a link to the timeline.
    https://www.ofx.net/about-ofx.html

    And whereas OFX is a standard, Express Web Connect is an "agreement" with the financial institutions.  What's the difference?
    There isn't a set "protocol".  When talking to one financial institution, they might agree on logging in this way or that, and then they might in fact download a QFX file which is basically the response that would normally be sent in and Direct Connect session if it was supported.  For another financial institution there might be completely different agreement on how to log in and they might provide the data in a CSV format and the Intuit servers have to translate it to a OFX response for Quicken.  And on and on.

    It is a misconception that putting the user in the middle of this process is "more secure".  If this was true then our whole banking system would be insecure, because clearly it can't function with having a user involved in every single transaction.
    Security can be created in other ways.

    Any https connection is one example.  These connections are created using by exchanging information in a way that one side can trust the other is who they say they are.  This is the purpose of the certificates that are issued and used in this process.

    Note that Direct Connect connection method is https, with some more security on top of that for ensuring you are you.  Not to mention that some financial institution enforce even more.  Chase for instance makes the user "turn on Direct Connect".

    OAUTH is another widely used standard (much newer and sadly not used by Quicken/financial institutions).  And it is much better than any "multiple factor" used by Express Web Connect, because not only is it using "tokens" that are "certified", it changes the tokens after every session.  Whereas to be "convenient" to the users most of the multiple factor schemes that are use with Express Web Connect "save" some piece of information on the machine so that the user doesn't have to enter it for every session.  How would you like to enter some kind of information for every financial institution you have when you run One Step Update?  When that happens (and it does because of "lost (never saved) token" in Quicken you certainly get a lot of complaints.  For this kind of multiple factor authentication to be truly secure it needs to change for every session, but they compromise because that is "inconvenient".

    About 30 years ago garage door openers sent out one code (changeable by the user), until the bad guys found out they could wait outside of someone's house and record that code, and when the person left just replay it.  So they changed the garage door openers to put out a different code for every session.  If you have ever used any of the "secure token" generators the idea is the same.  The server has a sequence of random codes that are in sync with the ones on the token generator.

    Anyways it looks like you need a few definitions.

    Web Connect -> a term used by Quicken/Quicken Inc/Intuit to mean downloading and importing a QFX file, which in turn is the "response" part of would have been a Direct Connect/OFX protocol exchange.

    Express Web Connect -> a term used to mean the "attempt" for Intuit servers to do the same thing by "masquerading" as the user.  In other words the very first use case was indeed just to log into the financial institution's website as you and download and import the QFX file that the financial institution provided.  This was later expanded to other formats because not all of them will make the information available in this format.

    Direct Connect -> a term used by Quicken/Quicken Inc/Intuit for a slightly modified version of the OFX standard (the change was put in to force that the financial institution be a "participating partner", which signs an agreement with Intuit).
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    edited December 2020
    EDITED

    BTW as a side note.  You will notice that the OFX website brags about over 7000 financial institutions support it.  Sounds good until you realize a few facts.

    1. At one time Quicken Direct Connect was up to about 4,500 financial institutions.  But these days it is more like 2,000.  Mostly credit unions dropping it because of cost.  Note Quicken users think they are a "big force", but in reality they are a drop in the bucket for most financial institutions, and any costs are "an extra burden" on their normal customers.  Back in the day of poor websites it made more sense, but now every financial institution spends a lot on their websites/mobile apps, and that is where they want to spend because that locks you more into their services instead of going to their competitors.
    2. US financial institutions supporting OFX, but not Quicken probably can be counted on one hand, if that.
    3. Canadian financial institutions supporting Direct Connect/OFX can be counted on one hand.
    4. The big increase of financial institutions supporting OFX are outside of the US/Canadian.  And in fact the EU made it mandatory to support either or both OFX or another similar standard.  The US and much of the rest the world (including Canada) have no such mandatory support, and as such we have "aggregators" which are certainly the "poor man's" support for our personal finances.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Oops, left out the most important point.

    There are more than 35,000 financial institution's in the US alone.  So even 7,000 if they were in the US, would hardly cover everyone.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • wiscobez
    wiscobez Member
    @Chris_QPW Thanks for that explanation! You cleared up questions that have been in my head for ages!
  • andlloyd
    andlloyd Member
    > @"James J" said:
    > I have Quicken Premier 2020, version R30.14
    >
    > I know that Quicken has some ability to handle two-factor log in at some financial institutions.
    >
    > However, I have never been able to get Quicken to download from E*Trade with the two-factor security turned on.
    >
    > Can anyone confirm one way or the other the accuracy of this statement: E*Trade's two-factor security prevents Quicken from downloading data. Is that true?

    I've been using etrade's 2-factor authentication and Quicken connect with no problem for 2+ years now.
Sign In or Register to comment.