When will Quicken consistently accept special characters in passwords?

aUsername Member
edited March 2022 in Product Enhancements (Mac)
All of my financial institutions require special characters in the password. Quicken doesn't accept most of them. It is a huge nuisance having to use trial and error every time I have to change an account password and update Quicken with the new password. I have to repeat the whole process numerous times before finding a combination that Quicken will accept. Seems arbitrary. It's absurd that a tech company such as Quicken can't make the software accept normal special characters that financial institutions (and practically all websites these days) require. And if you can't figure out how, then PLEASE at least be transparent and show what characters you can accept on the password update dialog box.

[Removed - Solicitation]
8 votes

New · Last Updated


  • Quicken Anja
    Quicken Anja Moderator mod
    Hello @aUsername,

    Thank you for taking the time to reach out to the Community with your request.

    I went ahead and changed your post to an Idea so other users who have the same or a similar request can vote on your idea by clicking the up arrow (see below).

    Ideas are also reviewed by our Development and Product teams in order to improve Quicken and implement new features requested by customers.

    Please, be sure to add your own vote as well.

    -Quicken Anja
  • UKR
    UKR SuperUser ✭✭✭✭✭
    AFAIK,  Express Web Connect - connected accounts cannot use these characters in passwords:  & < > \ or /
    Certain characters have special meaning when used inside HTML code.
    There also can be a problem when banks change to allow use of special characters in passwords, but they forget to inform Intuit as the download service provider of the change. The same applies to changes in maximum password length. Either of these changes will make it impossible for Quicken to use updated password rules.
  • altoflyer
    altoflyer Member ✭✭
    I can't believe that this is a new idea. Do you all look at the ideas and collate the ones that are the same and then add up the votes? Because I cannot believe this is still an issue.
  • altoflyer
    altoflyer Member ✭✭
    Yes, in fact it came up in September 2021 but was not turned into an idea at that time for some reason. But since that user had an issue, I feel that means there should be one more vote added to the count.
  • altoflyer
    altoflyer Member ✭✭
    Oh look. Here it is again in June 2021. Add another vote to the count!
  • altoflyer
    altoflyer Member ✭✭
    And another one from September 2021. And one from December 2020. This has been an issue for a long time and, frankly, makes this application pretty unusable.
  • altoflyer
    altoflyer Member ✭✭
    Here are a few more:
  • altoflyer
    altoflyer Member ✭✭
    And that's only the first two pages of issues on this exact topic. I work in cybersecurity and the customers who are the most concerned about security and managing identity securely are the financial institutions. They are right on top of it and are very sophisticated in their approach.

    Why isn't Quicken? I get it that you all used special characters in your coding and to redo all that would be a GIGANTIC pain. But there have to be ways around it. Escaping characters or something? Maybe AWS can help; they are pretty sophisticated about security as well.

    But this ... this is unusable.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    There are in fact two different problems going on here that people think are the same and misunderstanding of what is in Quicken Inc control and what isn't.

    First off, "What is allowed" is downloaded from the financial institutions.  For Direct Connect it comes straight from the financial institution, so if it doesn't line up with what they allow on their website it is their problem to fix.  For Express Web Connect the information flows through Intuit (the aggregator) and as such it is a lot harder to determine what party is dropping the ball.

    Personally, I think Quicken should just drop checking at all while the passwords are being entered, and just let them fail in the login, there are already error codes/messages for this kind of log in failure, instead of all this chasing of information on what is allowed being "behind the times".

    Next on the few special characters that aren't allowed because they are used special characters in web pages.  This only applies to Express Web Connect.  It isn't true of Direct Connect.  And for Express Web Connect it is out of Quicken Inc's control.  It is the Intuit "scripts" that log into the financial institution's websites and are the ones prone to not pass them through properly escaped. 
    This is my website: http://www.quicknperlwiz.com/
  • msmith99usa
    msmith99usa Member ✭✭✭
    Just updated my password at Fidelity in conjunction with my regularly scheduled change. I used a few special characters accepted by Fidelity to achieve their "Strong Password" level. Needless to say, Quicken does not accept my password... ;-( I agree with Chris-QPW that "Quicken should just drop checking while the passwords are being entered, and just let them fail in the login, there are already error codes/messages for this kind of log in failure, instead of all this chasing of information on what is allowed being "behind the times""... This such a simple solution and it does not require us, the Q customers who pay for this abuse, to spend valuable time tracking down the source of the failure, and then devising a work-around to Q's failures (I bet this will get me censored). Quicken needs to learn how to listen to its customers and get back to basics
  • Stephen Blendermann
    Stephen Blendermann Windows Beta Beta
    Even worse, if you use one of the forbidden characters, rather than a message to that effect, you'll receive a CC-502 or CC-503 error. It took several calls to support before they figured out that that was the source of the CC errors.