Quicken allows transaction download without vault password

Bill West
Bill West Member ✭✭✭
Running the latest version of Quicken Deluxe on Windows 10. I have many accounts for which I download transactions via the 1-step Update command and I always get prompted for my vault password.

However, if I select an individual account and go over to the gear and select "Update now", it proceeds to download the transactions without prompting for the vault password. This method is allowed for all Express Web Connect accounts. My Direct Connect accounts still require the vault password.

Shouldn't this backdoor method be fixed?

Quicken Version R 41.10 Build: 27.1.41.10

Comments

  • @Bill West - try this.  Close and reopen Quicken.  Do an "Update Now".  It should ask for a vault password.  The reason why it doesn't ask for a vault password because you are doing it right after you do a one step update.  The vault password is only required once during a session.
  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    edited June 2022
    Bill West said:
    Running the latest version of Quicken Deluxe on Windows 10. I have many accounts for which I download transactions via the 1-step Update command and I always get prompted for my vault password.

    However, if I select an individual account and go over to the gear and select "Update now", it proceeds to download the transactions without prompting for the vault password. This method is allowed for all Express Web Connect accounts. My Direct Connect accounts still require the vault password.

    Shouldn't this backdoor method be fixed?

    Quicken Version R 41.10 Build: 27.1.41.10
    As the credentials required for the Express Web Connect connection method are maintained at Intuit's servers, Quicken does not require access to the Password Vault to download the transactions.

    To prevent someone from importing transactions, I suggest you secure access to the Quicken file. 
  • That is interesting.  I never noticed that before because I don't usually run a "Connect Now" without doing an OSU first, and only if there is an issue with the OSU.  Also, most of my connections are DC.  I never understood the need for a vault password.  If I remember correctly, the old versions of Quicken didn't require one.  As @Sherlock mentioned you can secure your date file with a password, and thus prevent access to the OSU.
  • Sherlock
    Sherlock SuperUser ✭✭✭✭✭
    Damian said:
    That is interesting.  I never noticed that before because I don't usually run a "Connect Now" without doing an OSU first, and only if there is an issue with the OSU.  Also, most of my connections are DC.  I never understood the need for a vault password.  If I remember correctly, the old versions of Quicken didn't require one.  As @Sherlock mentioned you can secure your date file with a password, and thus prevent access to the OSU.
    The Password Vault password is necessary to decrypt the Password Vault and has always been required for the Direct Connect connection method credentials.  In pre-subscription versions, the Express Web Connect connection method's credentials were also being maintained in the Password Vault.  
  • Thanks @Sherlock, I must have remembered incorrectly that there was no vault password.
  • Bill West
    Bill West Member ✭✭✭
    Hi @Damian @Sherlock

    Thanks for your comments. Honestly, I never noticed that Quicken stopped storing "express connect" passwords in the vault. This must have changed when they changed the update process to use "a new aggregation platform". Although I understand why they did it, the one thing I don't like is that you can't cancel a hung/long running update without killing Quicken.

    I've been using Quicken since 2002 & seen many changes over the years - especially after Intuit's spinoff of Quicken to a standalone company. I can live with this - it's just strange that the passwords are now stored in 2 places (vault and a cloud server) and the documentation on the differences is pretty buried. I'm not sure it was ever announced that they were changing the storage methods but I did find it in the online documentation:

    https://www.quicken.com/support/why-dont-i-need-enter-my-bank-password-download-my-bank

    Thanks again for your responses.
This discussion has been closed.