Quicken Lifehub Security Flaw

rgornitsky
rgornitsky Quicken Windows Subscription Member ✭✭✭
in Using Quicken LifeHub

Hi everyone,

I wanted to flag a potential security issue I’ve noticed with Quicken Lifehub. When using the application, closing the browser or tab does not automatically sign you out. Unless you manually click “Sign Out,” your session remains active—even after exiting.

This could be a serious concern, especially considering how much sensitive information Lifehub stores (e.g., financial data, passwords, insurance details). If someone forgets to sign out and later shares or loses access to their device, anyone could open Lifehub and have full access.

It would be much safer if Lifehub automatically ended the session on browser close or after a short period of inactivity. Most secure applications follow this standard to protect users from unintended access.

Has anyone else noticed this behavior? Hoping Quicken considers adding automatic sign-out features in a future update.

Comments

  • Quicken Kirby
    Quicken Kirby I do not have Quicken yet Member, Moderator ✭✭

    Hello there @rgornitsky,
    We do timeout sessions unless you have the remember me setting on. Can you login and check how you have this set, please?
    It is my recommendation that you don't use remember me with LifeHub.

    Thanks, kirby

  • rgornitsky
    rgornitsky Quicken Windows Subscription Member ✭✭✭

    Thanks, @Quicken Kirby. I appreciate the response.

    However, I’d like to respectfully clarify that “Remember Me” and session timeout are typically distinct functions in most secure applications. “Remember Me” is generally used to prefill login credentials, not to suppress session timeouts or extend active sessions indefinitely.

    In the case of Lifehub, closing the browser without manually signing out appears to keep the session active—even if “Remember Me” is enabled—which poses a significant security risk. Users may not realize that simply closing the tab doesn’t log them out, leaving sensitive information exposed if the device is later shared or compromised.

    At the very least, there should be a strong warning if enabling “Remember Me” impacts session security, and ideally, the app should support:

    • Automatic session termination upon browser/tab closure.
    • Session expiration after a short period of inactivity, regardless of "Remember Me."

    These are standard safeguards in applications that handle financial and personal data. I hope the team will consider enhancing session security in a future update.

    Thanks again,
    Richard Gornitsky

  • MovieMom
    MovieMom Quicken Windows Subscription Member

    Thank you for pointing this out Richard, I agree, this is a security failure. I hope Life Hub takes this seriously and updates the program quickly.

Categories