Please add a 2FA option to use a phishing-resistant hardware key such as those from Yubi.
The kind of information stored in LifeHub will make it a hacker's dream target. Per NIST Cybersecurity Framework guidelines, the SMS text 2FA approach offers a poor security level (but better than just a password), as 2FA SMS text messages are vulnerable to phone number porting scams, man-in-the-middle attacks, etc., which are occurring every second of every day around the world. Hackers know that the number one vulnerability in any system security is social engineering, i.e. compromise a LifeHub user or a Quicken employee to unintentionally provide the hacker with the information they need to compromise a user's account or gain access to a system such as LifeHub. LifeHub states it uses Amazon AWS servers and AES 256-bit encryption, which are the best in the industry; however, there are Quicken employees who must have access to the encryption keys in order to administer the database containing our files, and thus make them targets as well. Do Quicken employees use a hardware key? If not, they should.
Comments
Yes, please add Yubi
0