Quicken password limits to 32 chars - TD Ameritrade password length allows 64 chars

why does quicken limit your passwords to 32 when td ameritrade limits them to 64? can they put in a patch to fix this please

Best Answer

  • JustMeHere
    JustMeHere Member ✭✭✭✭
    edited February 2020 Answer ✓
    Actually the limit is from the OFX standard which is the standard Quicken and the financial institutions use to send you your transaction (Direct Connect).

    Unless you are using the extra characters to write out a sentence I can't see how it could make any difference.  Once you exceed about 20 characters there isn't a computer on the face of the Earth that can currently guess your password within the time they estimate the Universe will be around.

    Edit:
    P.S. I sure hope your financial institutions will lock your account after just a few wrong password attempts, so in reality it doesn't even matter how many passwords can be attempted by the fastest computer.  Not to mention that the financial institution's website wouldn't allow/be able to handle log in attempts at that speed.
    Using Quicken Subscription Premier (and have a copy of Starter to test things on)

Answers

  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    just to clarify - always good to include -
    What version ...   Help --> About Quicken
    EDIT - have updated the topic title to better reflect Q&A

    QWin - R54.16 - Win10

  • Charla Kroll
    Charla Kroll Member ✭✭
    edited February 2020
    first time had problems with this: windows, quicken deluxe version r25.10 build 27.1.25.10 would love to use the 64 password. instead of the limit on 32 and reading from the boards the limit is 32. so the restriction is quicken based not Td Ameritrade.
  • JustMeHere
    JustMeHere Member ✭✭✭✭
    edited February 2020 Answer ✓
    Actually the limit is from the OFX standard which is the standard Quicken and the financial institutions use to send you your transaction (Direct Connect).

    Unless you are using the extra characters to write out a sentence I can't see how it could make any difference.  Once you exceed about 20 characters there isn't a computer on the face of the Earth that can currently guess your password within the time they estimate the Universe will be around.

    Edit:
    P.S. I sure hope your financial institutions will lock your account after just a few wrong password attempts, so in reality it doesn't even matter how many passwords can be attempted by the fastest computer.  Not to mention that the financial institution's website wouldn't allow/be able to handle log in attempts at that speed.
    Using Quicken Subscription Premier (and have a copy of Starter to test things on)
  • splasher
    splasher SuperUser ✭✭✭✭✭
    I'm guessing that you use a password manager program to maintain your 64 character passwords.  Do you use a 64 character password to access the password manager or any other means by which you record and encrypt these passwords?  If you don't, then using 64 at TD Ameritrade is pointless.

    -splasher using Q continuously since 1996
    - Subscription Quicken - Win11 and QW2013 - Win11
    -Questions? Check out the Quicken Windows FAQ list

  • Ps56k2
    Ps56k2 SuperUser ✭✭✭✭✭
    edited February 2020
    some folks have moved from the 8-char password - to the phrase password -
    "MyDogHasFleas$2020" -- that's less than 32 :smile:   can't imagine 64 chars

    QWin - R54.16 - Win10

  • Charla Kroll
    Charla Kroll Member ✭✭
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
  • splasher
    splasher SuperUser ✭✭✭✭✭
    Not smug, just realistic.  If you do not do everything at 64 characters, then doing one at 64 and the rest at 32 or some lower number, they just have to crack the 32 and get the 64 for free.  I'll be willing to bet the reason you got hacked was not the length/complexity of your passwords but for some far simpler reason.

    -splasher using Q continuously since 1996
    - Subscription Quicken - Win11 and QW2013 - Win11
    -Questions? Check out the Quicken Windows FAQ list

  • NotACPA
    NotACPA SuperUser ✭✭✭✭✭
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
    Every bank/card/brokerage that Q has contracts with to provide downloads would ALSO have to implement this ... to maintain the standard of uniformity.
    AIN'T GONNA HAPPEN!

    Q user since February, 1990. DOS Version 4
    Now running Quicken Windows Subscription, Business & Personal
    Retired "Certified Information Systems Auditor" & Bank Audit VP

  • JustMeHere
    JustMeHere Member ✭✭✭✭
    oh how smug you folks are, that have never been hacked. would prefer the 64 and td ameritrade allows it. quicken please put in a fix for this. thanks.
    There is never going to be change unless the OFX standard is updated, and they aren't about to do it.  And as such Quicken isn't about to do it because they can't send your password to the financial institution.

    And as for "hacking", yes it happens, but not by "guessing the password", which is the only reason for thinking that going from 32 characters to 64 will help.

    One form of "hacking" is the "virus".  Once there is a program on your machine that can monitor what you do, no password is ever going to be safe because they can record what you put in.

    Another form of "hacking" is when the web site uses "security questions" and the user doesn't realize that they are even more likely to be guessed because the user actually "answers the question" instead of using a random character sequence that might used for their password.

    Another form of "hacking" and the most common BTW is hacking the website.  There they are attacking the software being run, not your password.  And note that they might hack say a "game site" when they aren't encrypting passwords, and if the users use the same password everywhere then they might find the users financial institution and try those passwords there.

    Here is a website that allows you to put in a password and see how fast it can be guessed "brute force" (no dictionary attack, which would apply for a password like:  G$M4&xp3ofpJnnu$Vjha)

    https://www.betterbuys.com/estimating-password-cracking-times/ 

    The above 20 character password takes "infinity" in "2020" guessing a 
    17,042,497.3kps  (kps keys/password per second.)

    I have seen other sites that have it a billions of guesses per second and a 25 character password would take in the trillions of years.

    Will Quantum computers change this?
    Maybe, but if they do, most likely 64 or a 164 character are going to matter.
    Using Quicken Subscription Premier (and have a copy of Starter to test things on)
This discussion has been closed.