Should updating Schwab transactions require a password?

deriter
deriter Member ✭✭✭
I recently made the changes to be able to download Schwab transactions. Now for my Schwab account, when I select "downloaded transactions" then "update transactions", I get a "One Step Update Settings" dialog box. On other accounts, I have to enter a password and then click the "update now" in that dialog box. For Schwab, there is no place in that dialog box to enter a password, and if I click "update now", it proceeds to download transactions correctly. Is that how download is supposed to function for Schwab transactions?

I don't pretend to understand how the download process works, but I've read that part of the Schwab change was to preclude Quicken from having access to users' Schwab passwords. If Quicken hasn't saved our Schwab passwords, how can Quicken complete these downloads without users entering a password?

Answers

  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    You had to authorize Schwab to download to Quicken, and during that process, a "token" was sent and saved in Quicken, which is used as a "handshake" for any future Quicken downloads.... thus not requiring any password entry.
    QWin Deluxe Subscription - Win10
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Ps56k2 said:
    You had to authorize Schwab to download to Quicken, and during that process, a "token" was sent and saved in Quicken, which is used as a "handshake" for any future Quicken downloads.... thus not requiring any password entry.
    Actually, I believe the token is stored on the Intuit server, not in Quicken.

    Quicken Inc pays Intuit to do the “aggregation”, so it is their server that is connecting to the Schwab and fetching the transactions.  Quicken Inc’s server fetches the transactions from the Intuit server, which in turn are “synced” from the “Quicken cloud dataset” to your Quicken Desktop data file.

    Note that the token is actually a “rotating token”, not a fixed value like your password would be.  It is changed after every access.  Your credit card with the “chip” works in a similar manner.  Instead of sending a fixed credit card number it sends a token/number that is changed every time you use it, so that if a hacker got the number (like they did in the famous KMart hack before this was put in place in the US) the number would be useless because the number/token is a one time use kind of functionality.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
This discussion has been closed.