Does Quicken pose as Firefox on MacOS when downloading?

M stich
M stich Member ✭✭

I recently checked the security section with recent logins at my bank. It showed a login from Firefox on MacOS (with version details, don't remember) at around the time I did an "Update All" from Quicken on Windows 10. I don't have any Apple devices anywhere. Thought it was a security breach, then found this which appears to describe the same thing:

Is this right? Does Quicken masquerade as Firefox on MacOS even when downloading on a Windows device? Nobody seems to have confirmed that we need not worry about it.

Mike

Best Answer

  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭
    Answer ✓

    In the case of Express Web Connect +, you shouldn't get this, it will only be in the case of Express Web Connect. And you can't believe any of the information given except that there was a login at that time using your username and password.

    Express Web Connect "logs in as you". Of course, it isn't really you, it is an Intuit server (Quicken Inc's aggregator). This will be true whether it is because of you running One Step Update or because of Intuit doing a nightly login. This is a program/script as such it uses the same kind of libraries as a web browser would use to interact with the web server, but since it isn't really a web browser it will just use whatever information that it figures the web server will be OK with.

    Express Web Connect + on the other hand, doesn't "login as you". Between Intuit and the financial institution they are using a protocol called FDX, but at the "login" level they are using what is called OAuth. This is a rotating security token. When using Express Web Connect + the user authorizes Intuit to use this protocol/security token at the financial institution's website, and from there one this is how it will "login". So, if I'm correct it will not show up as a normal login in such a security list. I don't know for sure because as far as I can tell Chase doesn't show that information on their website and that is the only financial institution, I have using Express Web Connect +.

    Signature:
    This is my website: http://www.quicknperlwiz.com/

Answers

  • M stich
    M stich Member ✭✭

    P.s. I'm using a different bank.

    Mike

  • splasher
    splasher Quicken Windows Subscription SuperUser ✭✭✭✭✭

    The only time your computer is connecting directly with the financial institution when downloading is with Direct Connect method downloads. If the connection to the FI is either Express Web Connect or Express Web Connect+, it is a computer owned by the aggregator (Intuit) that is making the connection, generally at night.

    So, you would have to specify which download type is setup for the account (it is on the Account List screen for QWin) for anyone to comment further.

    -splasher using Q continuously since 1996
    - Subscription Quicken - Win11 and QW2013 - Win11
    -Questions? Check out the Quicken Windows FAQ list

  • M stich
    M stich Member ✭✭

    It is Express Web Connect

    Mike

  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭
    Answer ✓

    In the case of Express Web Connect +, you shouldn't get this, it will only be in the case of Express Web Connect. And you can't believe any of the information given except that there was a login at that time using your username and password.

    Express Web Connect "logs in as you". Of course, it isn't really you, it is an Intuit server (Quicken Inc's aggregator). This will be true whether it is because of you running One Step Update or because of Intuit doing a nightly login. This is a program/script as such it uses the same kind of libraries as a web browser would use to interact with the web server, but since it isn't really a web browser it will just use whatever information that it figures the web server will be OK with.

    Express Web Connect + on the other hand, doesn't "login as you". Between Intuit and the financial institution they are using a protocol called FDX, but at the "login" level they are using what is called OAuth. This is a rotating security token. When using Express Web Connect + the user authorizes Intuit to use this protocol/security token at the financial institution's website, and from there one this is how it will "login". So, if I'm correct it will not show up as a normal login in such a security list. I don't know for sure because as far as I can tell Chase doesn't show that information on their website and that is the only financial institution, I have using Express Web Connect +.

    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • QuickUserPSP
    QuickUserPSP Member, Windows Beta Beta
    edited February 29

    If you read the fine print you will see that you have given Quicken/Intuit servers permission to log into your account to retrieve information. As @Chris_QPW mentioned, I think this is only true for accounts using EWC.

  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭

     I think this only true for accounts using EWC

    I'm not sure if Express Web Connect + "does nightly" or not, and have no way to check, because Chase doesn't report it. But one has to understand they are both "authorized" to do so, it is just that because of the way they do it, I'm not sure if it will be reported in such a security list or not.

    And BTW the possibility of Express Web Connect + logging in periodically way up if you are using Sync to Mobile/Web, because it the Quicken Connect Services that might kick that off to keep is data that the Mobile/Web apps use up to date.

    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • QuickUserPSP
    QuickUserPSP Member, Windows Beta Beta

    @Chris_QPW could the difference between EWC and EWC+ be that for EWC the user is giving Quicken/Intuit permission whereas for EWC+ the FI is allowing Quicken/Intuit servers access via user authorization.

  • q_lurker
    q_lurker Quicken Windows Subscription SuperUser ✭✭✭✭✭

    For my Chase CC account, I can get info in this fashion:

  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭

    @QuickUserPSP As I said I can't be sure of this because I can't check but what I'm talking about is:

    Express Web Connect: Intuit servers pretending to be a web browser logging in as you:

    Express Web Connect +: Intuit servers using the OAuth security token protocol call to log in. Neither is this a "web browser" or using your username and password.

    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Chris_QPW
    Chris_QPW Quicken Windows Subscription Member ✭✭✭✭

    @q_lurker Thanks! I missed that section. And as you can see it is different "Quicken/Intuit" not a fake web browser.

    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • QuickUserPSP
    QuickUserPSP Member, Windows Beta Beta

    @Chris_QPW - I certainly understand but I think your statements above in your latest comment makes the answer very clear to me.

  • QuickUserPSP
    QuickUserPSP Member, Windows Beta Beta
    edited February 29

    @q_lurker thank you for showing the screen. I never thought of checking in my American Express account that uses EWC+. It doesn't show when Quicken/Intuit last accessed the account, but it shows every single time online services was connected or reconnected. Interestingly, the authorization is for a year. Not sure if this is standard.

This discussion has been closed.