Reduce Clicks Required for One Step Update with 2FA

Geobrick
Geobrick Member ✭✭
The number of "clicks" required when updating accounts with Two Factor Authentication (2FA) is excessive, especially when there are multiple accounts with 2FA.

For example, when there are multiple accounts requiring 2FA, the user waits until the 1st prompt and then has to go through a process requiring these clicks:
Click 1: To get the drop down list for selecting phone numbers/email addresses to send the code (the 2FA method).
Click 2: To click the desired 2FA method (the phone number or email address)
Click 3: To click "OK" or hit 'enter' on the keyboard
Click 4: To place the cursor in the code entry box after it appears
Click 5: To click "OK" after entering the 2FA code
Then repeat all the above for each 2FA account.

That's "5" clicks or interactions per account with 2FA. That's too many user interactions per account during a one step update (and of course, I'm not including the steps to get the code from a text or email which are out of Quicken's control).

Here's my suggestion:
Don't use a drop down list in the first dialog prompt. Just populate the prompt with the 2FA method choices. As soon as the user clicks on one of the 2FA methods, process it without requiring an "OK". Take it and run with it. Next, when the entry box for the 2FA code pops up, automatically place the cursor in there for us so that once we get our code, we can go right to the num pad and type it in and hit enter.

My suggestion reduces 5 clicks down to 2:
1) Click the 2FA method you desire
2) Hit enter (or click 'OK') after entering the 2FA code.

This will make using One Step Update with multiple 2FA accounts so much easier.
If there are three 2FA accounts, we'd go from 15 clicks down to 6. That's pretty significant. Please consider implementing this or something similar.
2 votes


Comments

  • Geobrick
    Geobrick Member ✭✭
    Really? Only one up vote? It takes 5 mouse clicks for something called "One Step Update". I realize it's because of two factor authentication but even if 2FA is out of Quicken's control, implementing my suggestion would reduce the number of clicks from 5 to 2 (one if you hit enter vs clicking OK). So until there's some sort of new secure way to access financial accounts without 2FA, I think my suggestion would be helpful (especially for me because I have several accounts with 2FA forced on).
  • splasher
    splasher SuperUser ✭✭✭✭✭
    If you go back far enough before "One Step", you had to log into each FI and do a download of a .QFX file and import it which is what is done for Web Connect downloads.  "One Step" turned that into a sequence of downloads using either Direct Connect or Express Web Connect download methods that you triggered by starting OSU.
    No one ever called it One Click, you have added 2FA (or MFA) for your accounts, it just causes more clicks, but it still happens as a single process.
    -splasher  using Q since 1996 -  Subscription  -  Win10
    -also older versions as needed for testing
    -Questions? Check out the  Quicken Windows FAQ list
  • Geobrick
    Geobrick Member ✭✭
    > @splasher said:
    > If you go back far enough before "One Step", you had to log into each FI and do a download of a .QFX file and import it which is what is done for Web Connect downloads.  "One Step" turned that into a sequence of downloads using either Direct Connect or Express Web Connect download methods that you triggered by starting OSU. No one ever called it One Click, you have added 2FA (or MFA) for your accounts, it just causes more clicks, but it still happens as a single process.

    Yep. Great that it exists and it worked fine until 2FA and MFA (which in some of my accounts can't be disabled). It's also great that Quicken can handle the 2FA transactions. All I'm suggesting is a UI improvement reducing unnecessary user interaction during the 2FA interchange. The way they present the 2FA method options for call, text or email by using a drop down list alone takes 3 clicks. My recommendation turns that into 1 click. Is it a priority? No. Would it make using Quicken a bit less tedious? Yes (but maybe just to me based on the number of up-votes).
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Depending on the financial institution this isn't something Quicken has control over.

    If all the financial institutions were supporting Direct Connect (or any standard for personal finance programs to download transactions) then this would be a non-issue.  For instance all of my financial institutions support Direct Connect and I have 2FA enabled on them and never have to use 2FA in One Step Update.  The reason is simple: Direct Connect (actually the OFX protocol) has its own security model.

    But that isn't the case so Intuit came up with Express Web Connect.  And as the name implies it started out as Intuit's servers trying to log in as you to the financial institution's website and download the QFX (Web Connect) file and import it.  Over time that was extended to getting data in different formats other than QFX depending on what the financial institution would agree on.

    But here is the bottom line.  Direct Connect is "program to program" as in Quicken talking to a special server the "OFX Server", not the financial institution's website.  Since Express Web Connect is Intuit's server trying to act like a user, it is subject to all the same restrictions you would be.

    BTW 2FA == Two Factor Authentication.  You will notice there isn't anything in that "term" that says "interactive authentication".  Machines securely talk to each other all the time without any human interaction.  You wouldn't be able to transfer money between financial institutions without it.
    The key is only figuring out a way to implement this securely.  If you use the financial institution's App you don't have to get a text each time you log in.  Why?  First form of authentication, your password, or maybe your fingerprint.  Second form of authentication?  It is actually the App itself which is registered with the financial institution and as such they know that you are in possession of that mobile device.

    Some financial institutions will allow storing a "cookie" (just a value) for web browsers that allow it to say "your computer is one of the authentication methods".  Express Web Connect looks like your web browser to the financial institution, and as such plays by that same rule.  But of course there is a problem here.  The financial institution's website is one of its biggest targets for hackers.  And as such, as the threats get worse they beef up the security around it, and stop trusting the web browser "machines".
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
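
The remembered-device cookie described in the last comment, as an added example that is not part of the thread and not Quicken, Intuit or any bank's code: the server signs a token bound to one user and one device after a successful code entry, and later logins skip the code prompt only while that token verifies, has not expired and has not been revoked. The key, the 30-day lifetime and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"   # constructed; a real server keeps this in a secret store
TRUST_LIFETIME = 30 * 24 * 3600        # assumed 30-day remembered-device window


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_device_cookie(user: str, device_id: str, now: int) -> str:
    """Issued only after the user has passed an interactive second factor once."""
    payload = json.dumps({"u": user, "d": device_id, "exp": now + TRUST_LIFETIME}).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()


def cookie_is_valid(cookie: str, user: str, revoked: set, now: int) -> bool:
    try:
        p64, t64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:                 # wrong shape or bad base64
        return False
    # Constant-time comparison; the payload is parsed only after the tag checks out.
    if not hmac.compare_digest(tag, _sign(payload)):
        return False
    claims = json.loads(payload)
    return claims["u"] == user and claims["exp"] > now and claims["d"] not in revoked


def login_step(user, password_ok, cookie, revoked, now):
    """Decide whether this login needs the interactive code prompt."""
    if not password_ok:
        return "deny"
    if cookie and cookie_is_valid(cookie, user, revoked, now):
        return "allow"                 # the device itself counts as the second factor
    return "prompt_for_code"           # no trusted device: send the text/email code
```

Adding a device id to `revoked` models the institution deciding to stop trusting a remembered browser, after which the code prompt returns on the next update.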