Bank of America not asking me to authenticate since change in download method

EmKay Member ✭✭✭✭
Is this by design?  I have multifactor authentication on my account set up, so that I should get a text with a code, and that had been working.  Then I got a message within Quicken that Bank of America was requiring a change in the way transactions were downloaded, and the change was made (to "Express Web Connect+").

Now, I *seem* to be getting downloaded transactions, but I'm never prompted about the authentication.

Is that right, or a problem?

Quicken Classic Premier (Windows) R52.33

Best Answers

  • Frankx
    Frankx SuperUser ✭✭✭✭✭
    Answer ✓
    Hi @EmKay

    That makes sense.  You still should be seeing the multifactor authorization outside of Quicken; however, with the switch of BOA to the EWC+ connection for Quicken downloads, it makes sense that you will not see that prompt.

    Frankx

                            Quicken Home, Business & Rental Property - Windows 10-Home Version

                                             - - - - Quicken User since 1984 - - - 
      -  If you find this reply helpful, please click "Helpful" (below), so others will know! Thank you.  -

  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Answer ✓
    You must have been using Express Web Connect with Bank of America before the switch to Express Web Connect +.

    Express Web Connect is Intuit (Quicken Inc's aggregator) logging into the financial institution's website as you, and as such is subject to the same rules as you logging in with a web browser.

    Both Direct Connect and Express Web Connect + on the other hand use different security models.
    Direct Connect is Quicken logging directly into an OFX server at the financial institution and uses that security model.

    Express Web Connect + uses a different protocol called FDX, and at its heart it uses another protocol called OAuth2 for the actual authorizing of logging in, which doesn't use your username and password; instead it uses a rotating security token that can only be generated by Intuit.

    This makes the log in by Intuit secure in the same way that most financial institutions consider their mobile App secure and don't require a second authentication, because in fact the mobile App provides that second authentication.

    I might add the OAuth2 protocol is used widely for secure logins for machines.  They need a way to securely log in and do it without human interaction.

    You can sort of think of it like where a financial institution gives you a physical security token device where the number on it changes frequently (typically 1 minute) as the secondary authentication.  Other examples in software are Google Authenticator, Microsoft Authenticator, and Authy, and many more.  But instead of using a 6-digit number it uses a much longer token since the computers unlike humans have no problem with sending 30-digit or more strings.
    Signature:
    This is my website: http://www.quicknperlwiz.com/
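
The token model described in the answer above, as an added example that is not part of the original thread and is not Quicken, Intuit, FDX or bank code: a toy in-memory OAuth2 authorization server showing why MFA is checked once at consent and not on each download, and how a replayed refresh token is detected. It assumes the "rotating security token" is implemented as refresh-token rotation with reuse detection; `ToyAuthServer` and every other name here are hypothetical.

```python
import hashlib
import secrets

ACCESS_TTL = 300  # seconds an access token stays valid (constructed value)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ToyAuthServer:
    """In-memory stand-in for a bank's OAuth2 authorization server (hypothetical)."""

    def __init__(self):
        self.refresh = {}     # sha256(refresh token) -> [grant_id, already_used]
        self.access = {}      # access token -> (grant_id, expiry time)
        self.revoked = set()  # grant ids cut off after a replay

    def _issue(self, grant_id, now):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access] = (grant_id, now + ACCESS_TTL)
        self.refresh[_digest(refresh)] = [grant_id, False]
        return access, refresh

    def authorize(self, password_ok, mfa_ok, now):
        # One-time interactive consent: the only place password and MFA are checked.
        if not (password_ok and mfa_ok):
            raise PermissionError("interactive login failed")
        return self._issue(secrets.token_hex(8), now)

    def refresh_grant(self, refresh_token, now):
        # Unattended renewal: retire the presented token, hand back a new pair.
        record = self.refresh.get(_digest(refresh_token))
        if record is None or record[0] in self.revoked:
            raise PermissionError("invalid_grant")
        if record[1]:  # a retired token came back: revoke the whole grant
            self.revoked.add(record[0])
            raise PermissionError("invalid_grant: refresh token reuse")
        record[1] = True
        return self._issue(record[0], now)

    def api_allowed(self, access_token, now):
        grant_id, expiry = self.access.get(access_token, (None, 0))
        return grant_id is not None and grant_id not in self.revoked and now < expiry
```

Calling `authorize` once and then `refresh_grant` with each newly returned refresh token models the unattended downloads; presenting an already-used refresh token revokes the grant, so the user has to go through the interactive login again.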

This discussion has been closed.