"Invalid Credentials" - when using Quicken outside of US ?

Answers

  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    edited July 2022
    In truth this sounds like the "security experts" reading from some terrible out of date/wrong script, which they tend to defend with their lives.

    Getting a "different" IP address is simple.  The simplest way is to use a VPN so that you are using the VPN service's IP address instead of your own, but even faking your IP address isn't that hard, especially for the "bad actors".

    So, blocking based on the IP address at most will block the good guys, not the bad ones.  The bad guys certainly know how to get around this.

    But try to convince the "security departments" of financial institutions or services that handle financial institutions.

    BTW you can equate the IP address to a phone number.  Tell me how effective it is to block that spam caller, by blocking the phone number that they change every time they call you?
    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Bob@34
    Bob@34 Member ✭✭✭
    > @Quicken Anja said:
    > Hello All,
    >
    > Thank you for taking the time to visit the Community and report this issue, though I apologize that you are experiencing this.
    >
    > We have passed this along to our teams and this is being investigated further. However, in the meantime, our team wants to know if this issue is possibly caused by too many login attempts which would cause a security screening block requiring you to have to wait 24 hours to log in again. To test this, we advise that if the issue persists, to please not attempt logging in again for 24 to 48 hours.
    >
    > If the issue still persists after 24 to 48 hours with no login attempt, then please contact Quicken Support directly for further assistance and possible escalation if they see fit.
    >
    > Thank you!

    Well, I am pleased to announce that things seem to be working for me once again. Didn't touch Quicken for a full 48 hours. Rebooted and started Quicken. I was once again prompted to enter my credentials only this time I was sent a text immediately upon hitting enter - nothing about my credentials being wrong. Entered the six-digit number I'd received and was prompted to enter my Vault Password as I would normally expect. All accounts updated successfully. In Spain using Nord VPN to the US.
  • mazama
    mazama Member ✭✭
    For me, this has still not worked. It seems like it resets every time. So in the last week, I've logged in exactly two times. And after closing the app, it asks for log in again, and gives the invalid credentials message again.
  • mazama
    mazama Member ✭✭
    I got really frustrated at this so I tried to troubleshoot a bit.

    I was running quicken on two pcs, sharing the data file. One was able to log in, the other was getting "invalid credentials". This should rule out the password being "locked" and needing time to reset.

    Secondly, I copied the %AppData%/Quicken folder from the good pc to the bad pc, and magically I was able to log in again on both pcs.

    Next I tried deleting the Appdata folder from one PC, and the problem came back. Quickly repaired by copying over the "good" appdata folder. So it seems not a problem with a corrupt config file.

    My theory is that it's something to do with the 2FA. When quicken sends you a text message with a code to log in. Once you've logged in, your pc is "remembered" for some amount of time. So by copying the "good" data, I have the authorization token saved somewhere.

    So it seems the problem is somewhere in the auth servers. I am outside of the US, so it could be a geoblock issue (although I am occasionally able to log in. I'd assume geoblock would block me 100% of the time.) If the auth server actually decides to send me a text, I am able to log in. Something in the chain is failing, and the code is never sent, we can never enter it. So we get the invalid credentials message.
  • elisimpson
    elisimpson Member ✭✭
    @mazama I think you're on the right track. Did you see my earlier post about OAuth errors in the logs? I'm getting tons of these errors in the local AppData directory on machines that can't log in:

    qw PID(6304) TID(1) 27.1.41.19 7/2/22 10:54:37:028 AM ERROR Quicken.Services.Authentication.OAuth2Service "System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

    at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
    at QAM.Authorization.Internal.SecureData.Load(String itemName)"
  • mazama
    mazama Member ✭✭
    From the error message, my guess would be that means that the auth token in your file is expired. If it were just a corrupt file, deleting it would solve the issue.

    So sounds like it points even more to being an issue with their auth service. However, I accidentally deleted my "bad" data, and am no longer able to test anything. Since now it seems even by deleting my appdata folder I am still able to get in. (possibly it's been fixed finally)
  • elisimpson
    elisimpson Member ✭✭
    I first ran into the issue when reinstalling Windows, which of course wiped any saved auth cookies that were working before the reinstall. No amount of reinstalls or fresh profiles has fixed it for me though. The only thing that worked was doing a fresh install on a Windows computer I have access to in the USA via remote desktop. It got me back in but isn't really a long term solution.
  • dballing
    dballing Member ✭✭
    I, too, am experiencing this problem. Making it very difficult to balance my accounts and pay my bills. :frowning:
  • dballing
    dballing Member ✭✭
    So after spending several hours yesterday in chat sessions with support, I finally got past the "invalid credentials" impasse and appear to be fully functional again.

    Let me offer my observations on what I *saw* as causes and remediation (I have no idea what, if any, actions were happening behind the scenes).

    * Logging in, in recent history, both from US (ie, VPN) and !US IP addresses triggers some of the "security threat" conditions which can lead to an account getting into a temporary locked state. So the thing I was doing to "diagnose" was in fact causing some of the difficulty.
    * Attempting to log in, from the Quicken app, from an IP address that is listed as "high risk" can also trigger that state. Apparently a LOT of VPN endpoints are in this category (of the five I tested from my not-at-all-shady provider, only one passed their tests)
    * R41.19 may also have had some issues. I was in a weird state in that my subscription renewed between the release of R41.19 and R42.8, so even when I downloaded the R42.8 mega-combo-update, it would refuse to apply the update because the cached expiration date of my account was prior to the update, so since I couldn't log in to get updated expiration date info, it would just tell me "you need to use the last old version that was still within your subscription".

    The remediation, in total, seemed to be:

    * File > Validate & Repair ... and select the first option which talks about fixing the Authorization data. This seemed to remove any cached authentication data
    * When I started quicken after that, it then happily updated itself to R42.8, but still asked me to login before I could access my data-set, which was still problematic.
    * This is where it became tricky. I started changing my VPN endpoint to try to find an endpoint that Quicken's security assessment didn't label as "high risk". My account had gotten itself frozen already but the tech was able to see internally the different error messages in their logging (ie, blocked login because account frozen vs. blocked login because high-risk IP), and identified one of the end-points that -- if I reset my password and waited NN hours -- would likely work.

    Lo and behold, I woke up this morning, VPN'ed into the believed-safe endpoint, entered my credentials -- ET VOILA -- all is well in the world.

    I haven't tried to see if I can just connect from my European IP address (because a number of my banks block the OFX access if I'm using that IP anyway, so I need to be on a US IP to get my banking done).

    My original support ticket was # 9583855 (there might've been a second ticket for one of my call-backs, not sure), if it helps anyone else who chats with a tech to find a solution that works for them. But that should help any other techs find my account, all the cases associated with it, etc., etc. :-)
  • elisimpson
    elisimpson Member ✭✭
    So let me get this straight: Quicken expects us to sit online for hours with a tech trying different VPN endpoints until they see in the logs that one is approved by their "security experts"? That about the size of it?

    Or, they could just turn off this asinine IP blocking and solve everyone's problem in seconds, while not compromising security at all.
  • dballing
    dballing Member ✭✭
    (a) it shouldn't take hours. It took hours to get to a place where we understood what was happening
    (b) you could always just stumble upon it on your own through trial and error.

    But - I agree - there are better ways to solve this. Certainly, if VPN endpoints are getting heuristically tagged as higher-risk (which I can absolutely believe is credible) I can understand adding some additional checks (second-factor authentication, etc.) to make sure nothing untoward is happening. Blocking access completely (and with an inaccurate error... it's not "invalid credentials", it's "suspect origin IP") is not the answer.
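
The sign-in handling argued for in the post above, written out as an added example (not Quicken's code and not part of any post): the password is checked first, a high-risk origin IP leads to a second-factor prompt instead of a block, and every refusal carries its own reason and message. The `Attempt` fields, reason codes and sample attempts are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # ask for a second factor, then allow
    DENY_CREDENTIALS = "deny_credentials"
    DENY_LOCKED = "deny_locked"


@dataclass(frozen=True)
class Attempt:
    password_ok: bool        # result of the normal password verification
    ip_risk: str             # "low" or "high", from a hypothetical IP reputation feed
    account_locked: bool     # temporary lock set by earlier screening
    device_remembered: bool  # device passed a second factor recently


@dataclass(frozen=True)
class Decision:
    outcome: Outcome
    reason: str        # internal reason code, the value support staff see
    user_message: str  # what the client displays


def decide(a: Attempt) -> Decision:
    # Password first: lock and risk details are only disclosed to someone
    # who has already proved knowledge of the password.
    if not a.password_ok:
        return Decision(Outcome.DENY_CREDENTIALS, "bad_password",
                        "Invalid credentials.")
    if a.account_locked:
        return Decision(Outcome.DENY_LOCKED, "account_locked",
                        "Account temporarily locked. Try again later.")
    # A high-risk origin raises the bar instead of closing the door.
    if a.ip_risk == "high":
        return Decision(Outcome.STEP_UP, "high_risk_ip",
                        "Unusual sign-in location. Confirm your second factor.")
    if not a.device_remembered:
        return Decision(Outcome.STEP_UP, "new_device",
                        "New device. Confirm your second factor.")
    return Decision(Outcome.ALLOW, "ok", "Signed in.")


# Constructed attempts mirroring situations reported in this thread.
SAMPLES = {
    "vpn_endpoint_flagged": Attempt(True, "high", False, True),
    "frozen_after_retries": Attempt(True, "high", True, False),
    "fresh_install_abroad": Attempt(True, "low", False, False),
    "wrong_password": Attempt(False, "high", True, False),
}

if __name__ == "__main__":
    for name, attempt in SAMPLES.items():
        d = decide(attempt)
        print(f"{name:22} {d.outcome.value:17} {d.reason:15} {d.user_message}")
```
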
  • junglechuck
    junglechuck Member
    This is insane- I can't believe this is still going on for over two months. Commenters who say that blocking VPN IP's won't protect anything are correct. The Quicken security team should be canned for this. 2FA isn't really that secure if someone really sophisticated wants in.
  • dballing
    dballing Member ✭✭
    > @junglechuck said:
    > 2FA isn't really that secure if someone really sophisticated wants in.

    SMS and e-mail based 2FA aren't that secure (well not secure at all), but there are plenty of actually-secure 2FA models out there, even ones that are available to the common-folk
  • wytske
    wytske Member ✭✭
    @Bob@34:
    Many thanks for sharing your experience. I too am pleased to report that (after waiting over 48 hours) Quicken is now running as before. Following your procedure, I have restarted and successfully updated my Quicken data not only using NordVPN to the US, but also both with VPN to the Netherlands and entirely without a VPN.
  • Wayne Whalen
    Wayne Whalen Member ✭✭
    I don't want to use a VPN. I want to use my quicken software like I have been for the past 30 years, 20 of which have been from Japan. Where was the email explaining the security change and the needed process for fixing it? This is beyond pissing me off!
  • Florin.Teo
    Florin.Teo Member
    I'm having the same issue on a Windows laptop I just setup. I am travelling to Europe and I am unable to login even on www.quicken.com ("invalid credentials" loop). Quicken app (R42.8, Build 27.1.42.8) is similarly failing on signing in. As such, it blocks the access to my data.

    I can connect remotely to a computer in the US and on that one I can sign in both on the website and in the app (so it's not an issue with the credentials and/or account being blocked). I followed all suggestions I found in this forum, including 24hrs+ wait.

    I must say not being able to access your data when you need it the most is very frustrating, particularly for a software on a recurrent paid subscription.

    For Quicken support: as this thread (and others) prove, there's a non-negligible crowd affected by this issue, which is also quite impairing. You seem to acknowledge it with "This is a known issue that our development team is currently working on, however, there is no ETA". Like others, I work in software and I know that from the outside issues seem simpler than they are. In this case however it seems to me communication & updates on progress should be made more visible rather than just buried in community posts.
  • System
    System Member admin
    This discussion was created from comments split from: "Invalid Credentials" - signing into QMac - from outside US.
  • Priit Aavik
    Priit Aavik Member
    This has been quite frustrating. Can somebody please update if there is a fix or update on this case?
    Accessing web is fine but accessing app is not possible.

    If you are travelling and working abroad and therefore are not able to use quicken then it should be now openly said by Quicken.
  • alf1234
    alf1234 Member
    I was finally able to make Quicken work again. I am located in Spain and I ran into the "invalid" credentials when I had to reinstall Quicken on a newly purchased Mac. I was unable to log into Quicken’s website through Safari / Firefox / Chrome, or to activate my copy of Quicken through the application itself.

    I tried using Fastest VPN and ProtonVPN (free version), and I was still unable to login. Then I signed up with ExpressVPN, as suggested by other users, and at least through their New York and New Jersey-3 servers, I was able to log in to both Quicken’s website, and through the application itself. I also made sure to turn off in Safari under its preferences “Website tracking” and “Hide IP Address”, and to turn off all content blockers.

    Special thanks to @dballing for his detailed explanations, which helped me figure out what to do. I guess that Quicken only blocks some VPN endpoints.

    Quicken support: Please solve this issue. There are lots of customers abroad or who travel outside the US affected by this.
  • I tried to do a new install of Quicken for MacOS v6.8.3 in Singapore (moved here a few months ago for work), and hit the "Invalid Credentials" problem. I talked with a Quicken support person, and they said flat out that Quicken is *NOT* supported outside of the US/Canada! This seems to be in contrast to some official pronouncements on this forum, but on the other hand explains the problem we're all having if true.
  • elisimpson
    elisimpson Member ✭✭
    Does anyone know if any Windscribe VPN servers work? I'd love to get direct access working again instead of having to remote desktop to a PC in the US. I have Windscribe VPN and tried a couple of servers in the Los Angeles area with no luck.
  • datdaddy
    datdaddy Member ✭✭
    This started for me today. Same situation: asked me to change password, sent me the code, entered it, changed password, then at login with new password, "Invalid Credentials." Same results with VPN. I have used this program since 1990 in the US, Germany, UK, and the Netherlands. Never had a problem like this. Tech support does not seem to understand that this is affecting so many of us. Shame there's not a competitor for us to use, since this one seems to be biting the dust. Please, someone fix this!
  • datdaddy
    datdaddy Member ✭✭
    > @elisimpson said:
    > Does anyone know if any Windscribe VPN servers work? I'd love to get direct access working again instead of having to remote desktop to a PC in the US. I have Windscribe VPN and tried a couple of servers in the Los Angeles area with no luck.

    Windscribe not working for this issue from the Netherlands.
  • datdaddy
    datdaddy Member ✭✭
    I just got off my third call to Quicken about this issue. Techs are blaming each other, saying, "oh, they didn't know what they were talking about, you have to wait two hours before logging in, no, you have to wait 4 hours before attempting a login. Maybe we'll escalate it if it doesn't work after four hours," etc. I explained to someone who, of course, did not care, that we need access to our own financial records and data in order to go on with life in this current world. Crickets. I cannot believe there are so many posts on this, which indicates to me that there are many more who don't post who are affected, and we still have nothing on this issue. I am desperately searching for a way to track my finances as I have done with Quicken for more than 20 years until this afternoon, when it all stopped and I have no way to get to my own financial info. Amazing.
  • datdaddy
    datdaddy Member ✭✭
    I'm on the support line now with Quicken. Same old routine, blaming VPN that I am not running, blaming the VPN when I do run it, blaming anti-virus, Windows firewall. All of this has been tested to not be the problem by every tech I've talked to. I've had to humor them and go through the hoops. Now they are telling me Quicken should not work overseas -- after me using it for 20 years overseas. "We actually have a notice saying that Quicken will not run overseas." I am just a hair's breadth away from giving up on this, canning Quicken and moving on. Now advised to reset my password with the VPN on, and then login again in four hours using a VPN. I'm left with "there is hope." I'm feeling like even if I get back in I'll just grab my data and run, and may never use a service that is able to lock me out of my own financials.
  • datdaddy
    datdaddy Member ✭✭
    Update: After doing the reset password with the VPN on, then logging in 4.5 hrs later with the VPN on, as instructed, I was told that "sorry, we don't support Quicken for use outside the US and Canada." And, they won't offer me access to my data in any case, actually saying that they can't help me with getting to the data to convert it so I can get out of Quicken's clutches, because they know nothing about it, "but maybe you can find a program to do it for you from your backups." I am so done with this. Luckily, my subscription to this ends on the 26 Aug, so I can now dump this thing forever. I knew when they started getting bought and sold that it would be trouble eventually. It's here. In a global economy, and they don't want to participate, or support US citizens overseas. Pitiful.
  • datdaddy
    datdaddy Member ✭✭
    And now I can't login to cancel my subscription, so I have to use a chat bot to try to do that. Good luck, you guys.
  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    SO.... where are you located ?

    QWin - R54.16 - Win10

  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    > @datdaddy said:
    > And now I can't login to cancel my subscription

    When you try to log into the Quicken website, what happens … stalls or error message?

    QWin - R54.16 - Win10

This discussion has been closed.