Please add a 2FA option to use a phishing-resistant hardware key such as those from Yubi.

g_h Quicken Windows Subscription Member
edited November 2024 in Ideas for Quicken LifeHub

The kind of information stored in LifeHub will make it a hacker's dream target. Per NIST Cybersecurity Framework guidelines, the SMS text 2FA approach offers a poor security level (but better than just a password), as 2FA SMS text messages are vulnerable to phone number porting scams, man-in-the-middle attacks, etc., which are occurring every second of every day around the world. Hackers know that the number one vulnerability in any system security is social engineering, i.e. compromise a LifeHub user or a Quicken employee to unintentionally provide the hacker with the information they need to compromise a user's account or gain access to a system such as LifeHub. LifeHub states it uses Amazon AWS servers and AES 256-bit encryption, which are the best in the industry; however, there are Quicken employees who must have access to the encryption keys in order to administer the database containing our files, and thus make them targets as well. Do Quicken employees use a hardware key? If not, they should.

3 votes

Reviewed

Comments

  • RMT Quicken Canada Subscription Member

    Yes, please add Yubi

  • Quicken Kirby I do not have Quicken yet Member, Moderator ✭✭

    Hi @g_h and @RMT,

    Thanks so much for your suggestions and care about our security practices. As you can imagine, we don't discuss the details of our security practices. However, we constantly review and adjust them to address emerging security threats. We are also audited yearly by an independent qualified security auditor.

    I love feedback and hearing from customers. Thanks so much for your input.