Where and how are passwords for online billers stored?

I'm wondering where the credentials for online billers (e.g., gas company) are stored? I see that they cannot be stored in the Password Vault, so I'm not sure how they are encrypted and stored.

Answers

  • Boatnmaniac
    Boatnmaniac SuperUser ✭✭✭✭
    The login credentials are encrypted and saved on Quicken servers.  You might want to go to https://www.quicken.com/support/setting-online-bill-center-and-frequently-asked-questions#section-0 and then scroll down to #3 under How to start using the Online Bill Center where you will see:
    I'm guessing that they are saved on the same servers where Quicken saves the login credentials for Accounts that are set up for Express Web Connect.
    (QW Premier Subscription: R36.23 on Windows 10)
  • sbaird32
    sbaird32 Member ✭✭
    Thanks. I can also guess. Looking for a definitive answer.
  • sbaird32
    sbaird32 Member ✭✭
    I'm not interested in using any feature which requires Quicken to store my credentials on one of their servers. If the creds are stored locally in my data file, I'm more inclined to use it.
  • Boatnmaniac
    Boatnmaniac SuperUser ✭✭✭✭
    sbaird32 said:
    Thanks. I can also guess. Looking for a definitive answer.
    I think that picture I'd posted was pretty definitive.  I was only guessing that the servers where the login credentials for Online Bills are saved are the same servers where the EWC login credentials are saved.  Whether they are or not is moot because in both cases they are saved on Quicken servers.
    (QW Premier Subscription: R36.23 on Windows 10)
  • Boatnmaniac
    Boatnmaniac SuperUser ✭✭✭✭
    edited September 19
    sbaird32 said:
    I'm not interested in using any feature which requires Quicken to store my credentials on one of their servers. If the creds are stored locally in my data file, I'm more inclined to use it.
    You are not alone on this matter.  Since you don't want login credentials saved on Quicken servers you'll want to avoid not only Online Bills, but also Bill Manager and downloading via Express Web Connect.  I am also not sure where the credentials for the Credit Score feature are saved so you might want to avoid using that, too.  There might be a few other features you'll want to avoid using as well but I'm not sure what those might be.
    Some people, myself included, also do not want any of their financial data saved anywhere except on my HDD so they also avoid using the optional Quicken Mobile and Quicken on the Web features because financial data is saved in their Quicken Cloud Account.
    The "safe" options for managing your accounts in Quicken are Direct Connect update connections because the login credentials are saved on your HDD, manually downloading from online accounts via Web Connect since there are no login credentials saved at all and manually updating because no login credentials are needed for that.
    (QW Premier Subscription: R36.23 on Windows 10)
  • sbaird32
    sbaird32 Member ✭✭
    > @Boatnmaniac said:
    > I think that picture I'd posted was pretty definitive.  I was only guessing that the servers where the login credentials for Online Bills are saved are the same servers where the EWC login credentials are saved.  Whether they are or not is moot because in both cases they are saved on Quicken servers.

    Ok, I see your argument. I'm still hoping maybe this is just sloppy documentation, and the credentials for Online Bills are stored locally. It's not clear to me why these transactions/connections cannot be made from my machine directly (i.e., why do "Quicken Servers" need to be involved here?) I'm definitely not using EWC and Quicken on the Web for obvious reasons.
  • Boatnmaniac
    Boatnmaniac SuperUser ✭✭✭✭
    sbaird32 said:
    > @Boatnmaniac said:
    > I think that picture I'd posted was pretty definitive.  I was only guessing that the servers where the login credentials for Online Bills are saved are the same servers where the EWC login credentials are saved.  Whether they are or not is moot because in both cases they are saved on Quicken servers.

    Ok, I see your argument. I'm still hoping maybe this is just sloppy documentation, and the credentials for Online Bills are stored locally. It's not clear to me why these transactions/connections cannot be made from my machine directly (i.e., why do "Quicken Servers" need to be involved here?) I'm definitely not using EWC and Quicken on the Web for obvious reasons.
    When an Online Bill is set up Quicken's system tracks the due date whether or not your installation is online.  In order to do that your credentials need to saved where Quicken's system can access them when you are not online.
    It is the same logic with EWC download connections.  Quicken connects with the Financial Institutions mostly at night, downloads the account(s) data to their server and stores it their until we run OSU when it then downloads to our computers.  Again, they need the credentials on their servers to be able to download from the Financial Institutions when we are offline.
    If you want confirmation of all this I suggest you contact Quicken Support (https://www.quicken.com/support#contact-support) and talk with them.  They will probably be able to identify for you every Quicken feature that requires your credentials to be on their servers in order to function so you can know every feature you might want to avoid using.
    (QW Premier Subscription: R36.23 on Windows 10)
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Based on the information we have here is an educated guess at where all the passwords are stored.
    • Password for Quicken data file, in the data file.
    • Password for transactions, in the data file.
    • Direct Connect - Password Vault (Quicken data file).
    • Express Web Connect, both at the Quicken servers, and at Intuit servers.  Note in the past storing the password in the Password vault was "redundant".  The Intuit server always held the password so that they "can log in once a night and retrieve transactions to be cached on their server".  At the beginning of the year Quicken Inc added QCS in that flow (Quicken Connection Services/Quicken cloud data set), so clearly now the Quicken servers also hold the password.  You might be interested in this thread I wrote on the subject: https://community.quicken.com/discussion/7882641/qcs-express-web-connect-is-cloud-sync
    • Online Bills.  Clearly at a minimum the third party service must be holding these passwords.  The Quicken servers might be holding them too.
    • Quicken Bill Manager which is serviced by the same third party and is just another/added service from the same third party that have always provided the Online Bills, so it is the same for the passwords.
    • Credit Score.  Exactly what is stored here is "fuzzy" to me.  Because I'm not sure they even used a person's "username/password" it was more like "give me information to verify you are you".  So how they maintain this connection is also fuzzy to me.  I doubt they keep all the information and resubmit it.  Maybe some kind of "token" or such is used.
    • Not exactly a username/password, but they would be storing your property information in the Quicken Cloud data set too.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • sbaird32
    sbaird32 Member ✭✭
    Thanks for all the info. This is a bigger rabbit hole than I realized.