nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Quicken Lifehub Security Flaw

rgornitsky

Hi everyone,

I wanted to flag a potential security issue I’ve noticed with Quicken Lifehub. When using the application, closing the browser or tab does not automatically sign you out. Unless you manually click “Sign Out,” your session remains active—even after exiting.

This could be a serious concern, especially considering how much sensitive information Lifehub stores (e.g., financial data, passwords, insurance details). If someone forgets to sign out and later shares or loses access to their device, anyone could open Lifehub and have full access.

It would be much safer if Lifehub automatically ended the session on browser close or after a short period of inactivity. Most secure applications follow this standard to protect users from unintended access.

Has anyone else noticed this behavior? Hoping Quicken considers adding automatic sign-out features in a future update.

Find more posts tagged with

Comments

Quicken Kirby

Hello there @rgornitsky,
We do timeout sessions unless you have the remember me setting on. Can you login and check how you have this set, please?
It is my recommendation that you don't use remember me with LifeHub.

Thanks, kirby

rgornitsky

Thanks, @Quicken Kirby. I appreciate the response.

However, I’d like to respectfully clarify that “Remember Me” and session timeout are typically distinct functions in most secure applications. “Remember Me” is generally used to prefill login credentials, not to suppress session timeouts or extend active sessions indefinitely.

In the case of Lifehub, closing the browser without manually signing out appears to keep the session active—even if “Remember Me” is enabled—which poses a significant security risk. Users may not realize that simply closing the tab doesn’t log them out, leaving sensitive information exposed if the device is later shared or compromised.

At the very least, there should be a strong warning if enabling “Remember Me” impacts session security, and ideally, the app should support:

Automatic session termination upon browser/tab closure.
Session expiration after a short period of inactivity, regardless of "Remember Me."

These are standard safeguards in applications that handle financial and personal data. I hope the team will consider enhancing session security in a future update.

Thanks again,
Richard Gornitsky

MovieMom

Thank you for pointing this out Richard, I agree, this is a security failure. I hope Life Hub takes this seriously and updates the program quickly.