Schwab Password Length

Attempting to change Schwab password in my Password Vault I receive an Error Message telling me that a password longer than 14 characters is not allowed

This is not a Schwab limitation!

Comments

  • Sherlock
    Sherlock Quicken Windows Subscription Member ✭✭✭✭
    It may be the limitation Schwab provided for Quicken access.  If you haven't already, I suggest you refresh the financial institution's profile: https://www.quicken.com/support/quicken-currently-unable-verify-financial-institution-information-download

    If the issue persists, I suggest you deactivate the Online Services of all of the registers associated with the financial institution.  After you have deactivated the Online Services of all the registers associated with the financial institution, when you activate the Online Services of one of the registers, Quicken should allow you to save the new password to the Password Vault.  Quicken should provide a list of all of the accounts it finds at the financial institution and enable you to link the accounts to the appropriate existing registers.
  • thecreator
    thecreator Quicken Windows Subscription SuperUser ✭✭✭✭✭
    Hi @""Phil Derkum" ,

    A Password Length of 14 Characters is long  enough.

    Go to: https://www.roboform.com/  Get RoboForm Free. It has a Password Generator included.

    Go to: https://www.schwab.com/public/schwab/client_home  and sign in. Change the password to a length of 14 characters. Include Special Characters other than the Special Characters, mentioned at:  https://www.quicken.com/support/password-vault-your-bank-could-not-use-password-you-entered


    "The cause could be that the bank account login password uses special characters that interfere with Quicken's ability to download transactions. These special characters can be (but are not limited to) the ampersand (&), left carat (<), right carat (>), backslash (\), and forward slash (/). 

    1. Log in to your bank's website.
    2. Change your password to use characters other than special characters (such as &, <, >, \, or /). "

    thecreator - User of Quicken Subscription R53.16 USA

    Windows 10 Pro 32-Bit Build 19045.3693
    Windows 10 Pro 64-Bit Build 19045.3754



  • Phil Derkum
    Phil Derkum Member ✭✭
    QUICK BUT INCORRECT ANSWER.

    For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

    Definite bug in Quicken
  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭
    QUICK BUT INCORRECT ANSWER.

    For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

    Definite bug in Quicken
    There's definitely a lot of misunderstanding about what is secure and isn't.  For instance I put a random generated 14 character password that RoboForm created into this website

    https://random-ize.com/how-long-to-hack-pass/?

    It says it will take more than 49 billion years to crack it with brute Force guessing.

    But frankly this is a whole useless line of thought.  Financial institutions lock your account after about three wrong guesses.
    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Phil Derkum
    Phil Derkum Member ✭✭
    I'm guessing that Schwab is overloaded and is throttling some capabilities to protect their system. I have run into a side effect of their throttle.
  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭
    BTW don't take my answer to mean I don't think that Quicken (more likely Intuit) doesn't have a problem.  I was only commenting about what is "secure".

    The way I understand the system working is that Quicken Inc pays Intuit to maintain such information which it gets from the financial institutions.  And it provides that information to Quicken when is suppose to use it to determine what is "good password" or not.

    Needless to say there can be a "breakdown" of this information getting passed along.

    Personally I think it is all the wrong approach.  Quicken shouldn't be the "checker of good passwords".  They should just accept any password (with in the limitation of the OFX standard which is 32-characters) and let the financial institution reject the password when connecting if it isn't a "good password".

    But of course if they are going to have such a system, they do need to maintain it, and if the financial institution is allowing 19 character then that information should get to Quicken be correct.
    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭
    I'm posting an update to my comment above now that I have some new information.  Information that I never knew before and I don't think any of the other SuperUser's know.

    "A little birdy" pointed out this information his OFX log:

           <SIGNONINFOLIST>
              <SIGNONINFO>
                <SIGNONREALM>Schwab
                <MIN>6
                <MAX>234
                <CHARTYPE>ALPHAANDNUMERIC
                <CASESEN>Y
                <SPECIAL>Y
                <SPACES>Y
                <PINCH>N
                <CHGPINFIRST>N
              </SIGNONINFO>
            </SIGNONINFOLIST>


    So clearly at least for Direct Connect (which would be all investment accounts) the financial institutions are actually sending their password requirements.  This information doesn't have to come through Intuit, and as such if it is out of date/wrong and Quicken is using it (and I see not reason why it wouldn't be using it) the clearly it should be an easy look in the OFX log kind of operation to see if it is wrong.  And if it is then it is the financial institution that has to fix it.

    This information isn't available for Express Web Connect accounts so most likely "through Intuit" and refresh the financial institution recommendations are correct for the accounts connected that way.

    And given for Direct Connect that this information is coming directly from the financial institution it does make sense that Quicken "pre checks it" instead of just sending the "illegal" password as the user typed it and having it rejected.

    BTW in reference to Charles Schwab.  I don't have such an account, but the above information from the "little birdy" does, and clearly there isn't a 14 character restriction and he did test that in fact passwords greater than 14 characters work just fine.
    Signature:
    This is my website: http://www.quicknperlwiz.com/
This discussion has been closed.