Home Quicken for Windows Download, Add/Update Accounts (Windows)
Quicken Community is moving to Single Sign On! Starting 1/22/21, you'll sign in to the community with your Quicken ID. For more information: http://bit.ly/CommunitySSO

Schwab Password Length

Attempting to change Schwab password in my Password Vault I receive an Error Message telling me that a password longer than 14 characters is not allowed

This is not a Schwab limitation!

Comments

  • SherlockSherlock SuperUser ✭✭✭✭✭
    It may be the limitation Schwab provided for Quicken access.  If you haven't already, I suggest you refresh the financial institution's profile: https://www.quicken.com/support/quicken-currently-unable-verify-financial-institution-information-download

    If the issue persists, I suggest you deactivate the Online Services of all of the registers associated with the financial institution.  After you have deactivated the Online Services of all the registers associated with the financial institution, when you activate the Online Services of one of the registers, Quicken should allow you to save the new password to the Password Vault.  Quicken should provide a list of all of the accounts it finds at the financial institution and enable you to link the accounts to the appropriate existing registers.
    Quicken user since 1997
    Premier on Windows 10
  • thecreatorthecreator SuperUser ✭✭✭✭✭
    Hi @""Phil Derkum" ,

    A Password Length of 14 Characters is long  enough.

    Go to: https://www.roboform.com/  Get RoboForm Free. It has a Password Generator included.

    Go to: https://www.schwab.com/public/schwab/client_home  and sign in. Change the password to a length of 14 characters. Include Special Characters other than the Special Characters, mentioned at:  https://www.quicken.com/support/password-vault-your-bank-could-not-use-password-you-entered


    "The cause could be that the bank account login password uses special characters that interfere with Quicken's ability to download transactions. These special characters can be (but are not limited to) the ampersand (&), left carat (<), right carat (>), backslash (\), and forward slash (/). 

    1. Log in to your bank's website.
    2. Change your password to use characters other than special characters (such as &, <, >, \, or /). "

    thecreator - User of Quicken Subscription R31.20  USA & Quicken 2017 HBRP R20.6 USA
                       Windows 10 Pro 32 & 64-Bit Build 21322.1000
    also            Windows 10 Pro 64-Bit Build 19042.804

    Note: Product What's New in Quicken is grayed out.. Also Year is stuck on 2020 and Copyright Date is stuck 2018 in About Quicken.

    View: https://community.quicken.com/discussion/7859218/work-with-copies-of-your-actual-quicken-data-files/p1?new=1

  • Phil DerkumPhil Derkum Member ✭✭
    QUICK BUT INCORRECT ANSWER.

    For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

    Definite bug in Quicken
  • Chris_QPWChris_QPW Member ✭✭✭✭
    QUICK BUT INCORRECT ANSWER.

    For those of us that have large Schwab accounts 14 is not enough. My current online Schwab password is 19 characters.

    Definite bug in Quicken
    There's definitely a lot of misunderstanding about what is secure and isn't.  For instance I put a random generated 14 character password that RoboForm created into this website

    https://random-ize.com/how-long-to-hack-pass/?

    It says it will take more than 49 billion years to crack it with brute Force guessing.

    But frankly this is a whole useless line of thought.  Financial institutions lock your account after about three wrong guesses.
    (I'm using the latest Quicken subscription version)
  • Phil DerkumPhil Derkum Member ✭✭
    I'm guessing that Schwab is overloaded and is throttling some capabilities to protect their system. I have run into a side effect of their throttle.
  • Chris_QPWChris_QPW Member ✭✭✭✭
    BTW don't take my answer to mean I don't think that Quicken (more likely Intuit) doesn't have a problem.  I was only commenting about what is "secure".

    The way I understand the system working is that Quicken Inc pays Intuit to maintain such information which it gets from the financial institutions.  And it provides that information to Quicken when is suppose to use it to determine what is "good password" or not.

    Needless to say there can be a "breakdown" of this information getting passed along.

    Personally I think it is all the wrong approach.  Quicken shouldn't be the "checker of good passwords".  They should just accept any password (with in the limitation of the OFX standard which is 32-characters) and let the financial institution reject the password when connecting if it isn't a "good password".

    But of course if they are going to have such a system, they do need to maintain it, and if the financial institution is allowing 19 character then that information should get to Quicken be correct.
    (I'm using the latest Quicken subscription version)
  • Chris_QPWChris_QPW Member ✭✭✭✭
    I'm posting an update to my comment above now that I have some new information.  Information that I never knew before and I don't think any of the other SuperUser's know.

    "A little birdy" pointed out this information his OFX log:

           <SIGNONINFOLIST>
              <SIGNONINFO>
                <SIGNONREALM>Schwab
                <MIN>6
                <MAX>234
                <CHARTYPE>ALPHAANDNUMERIC
                <CASESEN>Y
                <SPECIAL>Y
                <SPACES>Y
                <PINCH>N
                <CHGPINFIRST>N
              </SIGNONINFO>
            </SIGNONINFOLIST>


    So clearly at least for Direct Connect (which would be all investment accounts) the financial institutions are actually sending their password requirements.  This information doesn't have to come through Intuit, and as such if it is out of date/wrong and Quicken is using it (and I see not reason why it wouldn't be using it) the clearly it should be an easy look in the OFX log kind of operation to see if it is wrong.  And if it is then it is the financial institution that has to fix it.

    This information isn't available for Express Web Connect accounts so most likely "through Intuit" and refresh the financial institution recommendations are correct for the accounts connected that way.

    And given for Direct Connect that this information is coming directly from the financial institution it does make sense that Quicken "pre checks it" instead of just sending the "illegal" password as the user typed it and having it rejected.

    BTW in reference to Charles Schwab.  I don't have such an account, but the above information from the "little birdy" does, and clearly there isn't a 14 character restriction and he did test that in fact passwords greater than 14 characters work just fine.
    (I'm using the latest Quicken subscription version)
Sign In or Register to comment.