ExpressWebConnect is HORIBLE
Best Answer
-
@TalfordI feel that Quicken has violated my trust by saving my passwords without my permission.
But you did give them permission, you just didn't read the Terms of use/EULA, https://www.quicken.com/support/eula, when you installed Quicken and you had to agree to them to successfully install and use Quicken. It may be in the "small print", but it was there for you to read.
-splasher using Q continuously since 1996
- Subscription Quicken - Win11 and QW2013 - Win11
-Questions? Check out the Quicken Windows FAQ list0
Answers
-
Express Web Connect has always been problematic, as it's dependent upon the Financial Institutions notifying Quicken/Intuit prior changes to the FI's website. This is because EWC uses "screen scraping" to collect your data for download.Also, EWC regularly collects the data and stores it on Q's secure servers until you request a download. SO, if the timing's off Q might not collect tonight's transactions until tomorrow night.You might see if Direct Connect, or Web Connect are available from your FI's in order to avoid EWC.And, you don't have to store your IDs and Passwords in Q ... just delete the Password Vault and you'll be prompted for the passwords whenever you download.
Q user since February, 1990. DOS Version 4
Now running Quicken Windows Subscription, Business & Personal
Retired "Certified Information Systems Auditor" & Bank Audit VP0 -
@NotACPA - Thanks for your response, there's some consolation in knowing that I'm not the only one suffering with EWC.
Regarding passwords with EWC -- EWC stores passwords on QUICKEN SERVERS, not in the Password Vault. Deleting the Password Vault has no effect on this behavior. One breach on their servers, no matter how strong their security is, and hackers have access to all my financial accounts. Which hare-brained person at Quicken thought of this? At best this feature is a convenience, but the security risk is not worth it. They should at least make it optional.1 -
Then don't use Express Web Connect
Q user since February, 1990. DOS Version 4
Now running Quicken Windows Subscription, Business & Personal
Retired "Certified Information Systems Auditor" & Bank Audit VP-1 -
EWC has ALWAYS stored the passwords on servers so that the aggregation server could do the nightly update. Only recently has Quicken removed the passwords from the Password Vault since they were not used from it.If you don't want passwords on the Quicken server and Direct Connect is not available, then change to Web Connect downloads directly from the financial institution's website and you will be the only entity with the password.
-splasher using Q continuously since 1996
- Subscription Quicken - Win11 and QW2013 - Win11
-Questions? Check out the Quicken Windows FAQ list2 -
To the best of my knowledge, your bank password for Express Web Connect - connected banks has always been stored on a Quicken server, even before the introduction of the QCS connection service. So, if you want to call this a security risk, there is no new security risk. It has always existed.
0 -
NotACPA said:And, you don't have to store your IDs and Passwords in Q ... just delete the Password Vault and you'll be prompted for the passwords whenever you download.
This above statement shows how even SuperUsers have been fooled by the fact that the passwords where in the Password Vault or prompted for.
From day one Express Web Connect has been stated as "The Intuit servers log into the financial institution's website once a day to get the transactions, and then those transactions are cached on their servers for Quicken to pick up."
Clearly they couldn't do that if they were dependent on the passwords in the Password Vault or prompting the users.
In the recent change there wasn't anything stopping Quicken Inc from leaving those passwords in the Password Vault, or prompting the user, and people wouldn't have been any the wiser.
BTW I do believe the change does show one difference, and that is what happens when the user changes the password. I think in the past updating the Intuit servers with the new password might have come from the user changing it in the Password Vault or when they were prompted for it. Now it seems that it changes they fail to log in and then turn around and prompt the user for the new password.Signature:
This is my website: http://www.quicknperlwiz.com/0 -
I feel that Quicken has violated my trust by saving my passwords without my permission. I set up my connection to my financial institutions to require me to enter passwords each time because I wasn't comfortable having the information stored anywhere other than my bank. Now I find out that my passwords are already stored elsewhere. "Quicken will continue to function in the same way; your encrypted credentials are stored with our aggregation provider, and they pull your transactions from your bank using those encrypted credentials. (Source: Quicken Help: Why don't I need to enter my bank password to download from my bank? https://www.quicken.com/support/why-dont-i-need-enter-my-bank-password-download-my-bank). If I wanted Intuit to store all my passwords, I would just use Mint.
There needs to be an option that doesn't force me to store this information with Quicken, an unnamed aggregation provider, or any other entity. By the way, what is the name of that aggregation provider. I ought to at least know the name of the entity that has my passwords.0 -
Talford said:By the way, what is the name of that aggregation provider. I ought to at least know the name of the entity that has my passwords.
Signature:
This is my website: http://www.quicknperlwiz.com/0 -
@TalfordI feel that Quicken has violated my trust by saving my passwords without my permission.
But you did give them permission, you just didn't read the Terms of use/EULA, https://www.quicken.com/support/eula, when you installed Quicken and you had to agree to them to successfully install and use Quicken. It may be in the "small print", but it was there for you to read.
-splasher using Q continuously since 1996
- Subscription Quicken - Win11 and QW2013 - Win11
-Questions? Check out the Quicken Windows FAQ list0 -
IMO, EWC "always" storing passwords, or users giving consent in the EULA to store passwords is dodging the real issue -- that Quicken as a responsible company should give users the option to manage their sensitive information such as passwords to financial institutions. This is becoming more of an issue now because Quicken is touting EWC as "new and improved" and forcing institutions to move to this. While the underlying technology may be new and improved, I still feel that Quicken should give users the option to control this.
It sounds like the root cause of storing the passwords is that Quicken is regularly downloading transactions and storing them as @NotACPA stated, and they need the passwords to be able to do that off-line. I think this makes the security & privacy problem worse... why does Quicken need to store my transactions??? Why not just download from the financial institution when the user asks for the transactions? This seems like a poorly designed solution to whatever the original problem was when they created EWC, and not something they would have come up with if they were designing this in today's security- & privacy-conscious climate. I strongly feel a senior product manager from Quicken should engage with users and go back to the drawing boards.0 -
Again, simply don't use EWC and your issue disappears.
Q user since February, 1990. DOS Version 4
Now running Quicken Windows Subscription, Business & Personal
Retired "Certified Information Systems Auditor" & Bank Audit VP-1 -
Hello all,
This post has been argumentative and is not a constructive discussion and is being closed.
-Quicken Tyka~~~***~~~0